CVE-2017-13670
In BlackCat CMS 1.2, CVE-2017-13670 describes a vulnerability where remote authenticated users can upload arbitrary files through the media/upload AJAX endpoint (backend/media/ajax_upload.php), demonstrated by a ZIP containing a PHP file. The available documents do not specify an exact exploit pa...