2 matches found
CVE-2017-14050
In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file...
CVE-2017-14050
In BlackCat CMS 1.2, backend/addons/install.php is vulnerable: remote authenticated users can execute arbitrary PHP code by uploading a ZIP archive containing a .php file. Root cause is improper handling/validation of uploaded PHP inside the ZIP, leading to remote code execution. Impact per sourc...