Blackcat-cms Blackcat Cms — known CVE vulnerabilities
Every CVE whose affected-product data names Blackcat-cms Blackcat Cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2017-14048 — CVSS 8.8 (high): BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to…
CVE-2020-25453 — CVSS 8.8 (high): An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code…
CVE-2017-14399 — CVSS 8.8 (high): In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated…
CVE-2017-14050 — CVSS 8.8 (high): In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that…
CVE-2015-5079 — CVSS 7.5 (high): Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a…
CVE-2023-53892 — CVSS 7.2 (high): Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files…
CVE-2017-13670 — CVSS 6.5 (medium): In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload.php, as…
CVE-2023-44043 — CVSS 6.1 (medium): A reflected cross-site scripting (XSS) vulnerability in /install/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web…
CVE-2017-9609 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via…
CVE-2023-53891 — CVSS 5.4 (medium): Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page…
CVE-2018-16635 — CVSS 5.4 (medium): Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php.
CVE-2023-44042 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web…
CVE-2020-25877 — CVSS 5.4 (medium): A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute…
CVE-2017-14049 — CVSS 5.4 (medium): In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website…
CVE-2018-10821 — CVSS 4.8 (medium): Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remote authenticated users with the Admin…
CVE-2015-5521 — CVSS 4.8 (medium): Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name…
CVE-2020-25878 — CVSS 4.8 (medium): A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to…
CVE-2021-27237 — CVSS 4.8 (medium): The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php.
CVE-2014-5259 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in cattranslate.php in the CatTranslate JQuery plugin in BlackCat CMS 1.0.3 and earlier allows…