PT-2025-51310 · Unknown+1 · Blackcat Cms+1
Mirabbas Ağalarov · Published 2025-12-15 · Updated 2025-12-21 · CVE-2023-53892
CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Blackcat CMS version 1.4
Description
Blackcat CMS version 1.4 has a remote code execution issue. Authenticated administrators can upload malicious PHP files using the jquery plugin manager. An attacker can upload a zip file containing a PHP shell script and then execute arbitrary system commands by accessing the uploaded plugin’s PHP file with the `code` parameter. The vulnerable component is the jquery plugin manager.
Recommendations
Update to a newer version that contains a fix for this vulnerability.
As a temporary workaround, restrict access to the jquery plugin manager for authenticated administrators.
Avoid uploading zip files through the jquery plugin manager.
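A pre-extraction check for the upload path described above, as an added example that is not Blackcat CMS code and not part of the original advisory: it inspects a plugin zip and lists entries a PHP-enabled web server could execute. The function names, the extension list and the sample archives are assumptions constructed for illustration.

```python
from __future__ import annotations
import io
import posixpath
import zipfile

# Assumed list of extensions a PHP-enabled server may execute; match it to your handler config.
EXECUTABLE_EXTS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar", ".pht"}
# Per-directory files that can change which extensions the server executes.
HANDLER_OVERRIDES = {".htaccess", ".user.ini"}


def audit_plugin_zip(data: bytes) -> list[str]:
    """Return one finding per archive entry that should block extraction."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid zip archive"]
    findings = []
    with archive:
        for info in archive.infolist():
            name = info.filename.replace("\\", "/")
            if name.startswith("/") or ".." in name.split("/"):
                findings.append(f"path escapes target directory: {info.filename}")
            if info.is_dir():
                continue
            base = posixpath.basename(name).lower()
            # Check every dot-separated suffix so "x.php.jpg" is caught as well.
            suffixes = {"." + part for part in base.split(".")[1:]}
            if suffixes & EXECUTABLE_EXTS:
                findings.append(f"server-executable file: {info.filename}")
            if base in HANDLER_OVERRIDES:
                findings.append(f"handler override file: {info.filename}")
    return findings


def build_sample(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory zip from constructed sample entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in entries.items():
            z.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: a script/style-only plugin and one carrying a PHP file.
    print(audit_plugin_zip(build_sample({"demo/demo.js": b"/* plugin */"})))
    print(audit_plugin_zip(build_sample({"demo/helper.php": b"<?php /* placeholder */"})))
```

An empty list means no blocking entry was found; any finding should stop extraction into a web-served directory.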
Exploit
Fix
RCE
Unrestricted File Upload
Affected Products
Blackcat Cms
Jquery Plugin