Vulnerabilities > Blackcat CMS

DATE CVE VULNERABILITY TITLE RISK
2017-08-31 CVE-2017-14050 Unrestricted Upload of File with Dangerous Type vulnerability in Blackcat-Cms Blackcat CMS 1.2
In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file.
network
low complexity
blackcat-cms CWE-434
8.8
8.8
2017-08-31 CVE-2017-14049 Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.2
In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field.
network
low complexity
blackcat-cms CWE-79
5.4
5.4
2017-08-31 CVE-2017-14048 Cross-Site Request Forgery (CSRF) vulnerability in Blackcat-Cms Blackcat CMS 1.2
BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php.
network
low complexity
blackcat-cms CWE-352
8.8
8.8
2017-08-31 CVE-2017-13670 Unspecified vulnerability in Blackcat-Cms Blackcat CMS 1.2
In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload.php, as demonstrated by a ZIP archive that contains a .php file.
network
low complexity
blackcat-cms
6.5
6.5
2017-07-17 CVE-2017-9609 Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.2
Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php.
network
low complexity
blackcat-cms CWE-79
5.4
5.4
2015-07-14 CVE-2015-5521 Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.1.2
Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name in a new group to backend/groups/index.php.
network
low complexity
blackcat-cms CWE-79
4.8
4.8