2 matches found
Cross site request forgery (csrf)
BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted newmodulename parameter to backend/addons/ajaxcreate.php. NOTE: this can be exploited via CSRF...
BlackCat CMS Arbitrary PHP Code Injection Vulnerability (CNVD-2017-24887)
BlackCat CMS is a PHP5, HTML5 content management system. BlackCat CMS suffers from an arbitrary PHP code injection vulnerability that allows remote authenticated users to inject arbitrary PHP code into info.php via the newmodulename parameter of specially crafted backend/addons/ajaxcreate.php...