Blackcat-Cms: >> Blackcat Cms >> 1.2.2 Security Vulnerabilities
An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.004
Published
2020-09-15
In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php.
CVSS Score
8.8
EPSS Score
0.004
Published
2017-09-12