An issue exists in BlackCat CMS prior to 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution.
blackcat-cms blackcat cms