Unrestricted File Upload Vulnerability in BlackCat CMS 1.2.2

CVE-2017-14399 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php.

Learn more about our Cms Pen Testing.