2017-09-12 21:00:00
mitre
PUBLISHED
In BlackCat CMS 1.2.2, unrestricted file upload is possible in backendmediaajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php.