Vulnerabilities > Blackcat CMS
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-31 | CVE-2017-14050 | Unrestricted Upload of File with Dangerous Type vulnerability in Blackcat-Cms Blackcat CMS 1.2 In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file. | 8.8 |
2017-08-31 | CVE-2017-14049 | Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.2 In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field. | 5.4 |
2017-08-31 | CVE-2017-14048 | Cross-Site Request Forgery (CSRF) vulnerability in Blackcat-Cms Blackcat CMS 1.2 BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. | 8.8 |
2017-08-31 | CVE-2017-13670 | Unspecified vulnerability in Blackcat-Cms Blackcat CMS 1.2 In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload.php, as demonstrated by a ZIP archive that contains a .php file. | 6.5 |
2017-07-17 | CVE-2017-9609 | Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.2 Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php. | 5.4 |
2015-07-14 | CVE-2015-5521 | Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.1.2 Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name in a new group to backend/groups/index.php. | 4.8 |