PT-2017-13442 · Blackcat · Blackcat Cms

Published

2017-09-12

·

Updated

2017-09-19

·

CVE-2017-14399

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

BlackCat CMS version 1.2.2

Description

The issue allows an unrestricted file upload through the backend/media/ajax_rename.php file via the extension parameter. It can be exploited by renaming an already uploaded file to a different extension, for example from .jpg to .php.

Recommendations

For BlackCat CMS version 1.2.2, restrict access to the backend/media/ajax_rename.php file or validate the extension parameter so that a rename cannot produce an executable file. As a temporary workaround, restrict the use of the extension parameter in the affected endpoint until a patch is available.
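As an added illustration of the recommended validation (not BlackCat CMS code; the function names, the allow-list and the sample inputs are assumptions for this example), the weak rename pattern beside a check that only lets a rename produce an allow-listed media extension:

```python
from typing import Optional

# Constructed allow-list of extensions a media rename may produce.
ALLOWED_EXTENSIONS = frozenset({"jpg", "jpeg", "png", "gif", "webp", "pdf", "txt"})

# Only a plain file stem is accepted: no dots, so "shell.php.jpg" style
# names cannot survive a rename, and no path characters.
_STEM_CHARS = frozenset("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-")


def weak_rename_target(filename: str, extension: str) -> str:
    """The vulnerable pattern: the caller-supplied extension is trusted verbatim."""
    return f"{filename.rsplit('.', 1)[0]}.{extension}"


def safe_rename_target(filename: str, extension: str) -> Optional[str]:
    """Return the new file name, or None when the rename must be rejected."""
    # Reject directory traversal and NUL bytes before looking at anything else.
    for ch in ("/", "\\", "\x00"):
        if ch in filename or ch in extension:
            return None
    # Normalise case and a leading dot, then require an allow-listed extension;
    # "php", "PhP", "jpg.php" and "phtml" all fail this membership test.
    ext = extension.strip().lower().lstrip(".")
    if ext not in ALLOWED_EXTENSIONS:
        return None
    # Keep the stem, drop the old extension, and refuse stems with extra dots.
    stem = filename.rsplit(".", 1)[0]
    if not stem or len(stem) > 64 or not set(stem) <= _STEM_CHARS:
        return None
    return f"{stem}.{ext}"
```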

Fix

Unrestricted File Upload


Weakness Enumeration

Related identifiers

CVE-2017-14399

Affected products

Blackcat Cms