exploitDog

CVE-2023-53892

Опубликовано: 15 дек. 2025

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary system commands by accessing the uploaded plugin's PHP file with a 'code' parameter.

Ссылки

https://blackcat-cms.org/
Product
https://www.exploit-db.com/exploits/51605
Exploit
Third Party Advisory
VDB Entry
https://www.vulncheck.com/advisories/blackcat-cms-remote-code-execution-via-jquery-plugin-manager
Third Party Advisory
https://www.exploit-db.com/exploits/51605
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:blackcat-cms:blackcat_cms:1.4:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00906

Низкий

7.2 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-gphj-9mh6-pq4r

CVSS3: 7.2

github

около 2 месяцев назад

Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary system commands by accessing the uploaded plugin's PHP file with a 'code' parameter.

EPSS

Процентиль: 75%

0.00906

Низкий

7.2 High

CVSS3

Дефекты

CWE-434