Blackcat-cms / Blackcat Cms

6 matches found

CVE
added 2017/08/31 4:29 a.m., 55 views

CVE-2017-14048

BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. NOTE: this can be exploited via CSRF.

CVSS 8.8, AI score 8.3, EPSS 0.00181

CVE
added 2017/08/31 4:29 a.m., 44 views

CVE-2017-14049

In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field.

CVSS 5.4, AI score 5, EPSS 0.0014

CVE
added 2017/08/31 4:29 a.m., 39 views

CVE-2017-13670

In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload.php, as demonstrated by a ZIP archive that contains a .php file.

CVSS 6.5, AI score 6.2, EPSS 0.00133

CVE
added 2017/07/17 9:29 p.m., 39 views

CVE-2017-9609

Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php.

CVSS 5.4, AI score 5, EPSS 0.01159

CVE
added 2017/08/31 4:29 a.m., 38 views

CVE-2017-14050

In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file.

CVSS 8.8, AI score 8.6, EPSS 0.00508

CVE
added 2017/09/12 9:29 p.m., 32 views

CVE-2017-14399

In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php.

CVSS 8.8, AI score 8.6, EPSS 0.00381