Vulnerabilities > CVE-2017-13670 - Unspecified vulnerability in Blackcat-Cms Blackcat CMS 1.2

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

blackcat-cms

NVD

Published: 2017-08-31

Updated: 2019-10-03

Summary

In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload.php, as demonstrated by a ZIP archive that contains a .php file.

Vulnerable Configurations

Part	Description	Count
Application	Blackcat-Cms Blackcat CMS Blackcat CMS 1.2	1

References

https://github.com/M4ple/vulnerability/blob/master/blackcat_cms_RCE/blackcat_cms_RCE.md