Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
blackcat-cms blackcat cms 1.2 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-14048
BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. NOTE: this can be exploited via CSRF.
Blackcat-cms Blackcat Cms 1.2
5.4
CVSSv3
CVE-2017-14049
In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field.
Blackcat-cms Blackcat Cms 1.2
8.8
CVSSv3
CVE-2017-14050
In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file.
Blackcat-cms Blackcat Cms 1.2
5.4
CVSSv3
CVE-2017-9609
Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php.
Blackcat-cms Blackcat Cms 1.2
1 Github repository
6.5
CVSSv3
CVE-2017-13670
In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload.php, as demonstrated by a ZIP archive that contains a .php file.
Blackcat-cms Blackcat Cms 1.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started