Vulnerabilities > Blackcat CMS > High

DATE CVE VULNERABILITY TITLE RISK
2020-09-15 CVE-2020-25453 Cross-Site Request Forgery (CSRF) vulnerability in Blackcat-Cms Blackcat CMS
An issue was discovered in BlackCat CMS before 1.4.
network
low complexity
blackcat-cms CWE-352
8.8
8.8
2018-02-28 CVE-2015-5079 Path Traversal vulnerability in Blackcat-Cms Blackcat CMS
Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a ..
network
low complexity
blackcat-cms CWE-22
7.5
7.5
2017-09-12 CVE-2017-14399 Unrestricted Upload of File with Dangerous Type vulnerability in Blackcat-Cms Blackcat CMS 1.2.2
In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php.
network
low complexity
blackcat-cms CWE-434
8.8
8.8
2017-08-31 CVE-2017-14050 Unrestricted Upload of File with Dangerous Type vulnerability in Blackcat-Cms Blackcat CMS 1.2
In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file.
network
low complexity
blackcat-cms CWE-434
8.8
8.8
2017-08-31 CVE-2017-14048 Cross-Site Request Forgery (CSRF) vulnerability in Blackcat-Cms Blackcat CMS 1.2
BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php.
network
low complexity
blackcat-cms CWE-352
8.8
8.8