Security Advisory

CVE-2017-13670

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-08-31 04:00:00

Last updated 2024-08-05 19:05:19

Assigner mitre

State PUBLISHED

Description

In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload.php, as demonstrated by a ZIP archive that contains a .php file.

← Browse all CVEs View on cve.org ↗