An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/159237/BlackCat-CMS-1.3.6-Cross-Site-Request-Forgery.html | Exploit Third Party Advisory VDB Entry |
https://github.com/BlackCatDevelopment/BlackCatCMS/issues/389 | Exploit Third Party Advisory |
http://packetstormsecurity.com/files/159237/BlackCat-CMS-1.3.6-Cross-Site-Request-Forgery.html | Exploit Third Party Advisory VDB Entry |
https://github.com/BlackCatDevelopment/BlackCatCMS/issues/389 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 05:17
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/159237/BlackCat-CMS-1.3.6-Cross-Site-Request-Forgery.html - Exploit, Third Party Advisory, VDB Entry | |
References | () https://github.com/BlackCatDevelopment/BlackCatCMS/issues/389 - Exploit, Third Party Advisory |
01 Jan 2022, 18:38
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/159237/BlackCat-CMS-1.3.6-Cross-Site-Request-Forgery.html - Exploit, Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:a:blackcat-cms:blackcat_cms:*:*:*:*:*:*:*:* |
Information
Published : 2020-09-15 22:15
Updated : 2024-11-21 05:17
NVD link : CVE-2020-25453
Mitre link : CVE-2020-25453
CVE.ORG link : CVE-2020-25453
JSON object : View
Products Affected
blackcat-cms
- blackcat_cms
CWE
CWE-352
Cross-Site Request Forgery (CSRF)