CVE-2017-13670
31.08.2017, 04:29
In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload.php, as demonstrated by a ZIP archive that contains a .php file.Enginsight
| Vendor | Product | Version |
|---|---|---|
| blackcat-cms | blackcat_cms | 1.2 |
𝑥
= Vulnerable software versions