2 matches found
CVE-2017-14399
In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajaxrename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php...
CVE-2017-14399
The CVE-2017-14399 entry concerns BlackCat CMS 1.2.2, where an unrestricted file upload vulnerability exists in backend/media/ajax_rename.php via the extension parameter. The documented behavior demonstrates changing a .jpg extension to .php, enabling upload of executable PHP files. Connected sou...