Filtered by vendor Blackcat-cms
Total: 5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2020-25453 | 1 Blackcat-cms | 1 Blackcat Cms | 2022-01-01 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution. |
| CVE-2015-5079 | 1 Blackcat-cms | 1 Blackcat Cms | 2019-04-29 | 5.0 MEDIUM | 7.5 HIGH | Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the dl parameter. |
| CVE-2017-14399 | 1 Blackcat-cms | 1 Blackcat Cms | 2017-09-19 | 6.5 MEDIUM | 8.8 HIGH | In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php. |
| CVE-2017-14048 | 1 Blackcat-cms | 1 Blackcat Cms | 2017-09-01 | 6.5 MEDIUM | 8.8 HIGH | BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. NOTE: this can be exploited via CSRF. |
| CVE-2017-14050 | 1 Blackcat-cms | 1 Blackcat Cms | 2017-09-01 | 6.5 MEDIUM | 8.8 HIGH | In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file. |
