Vulnerability Database

314,373

Total vulnerabilities in the database

CVE-2017-14048

BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. NOTE: this can be exploited via CSRF.

  • Published: Aug 31, 2017
  • Updated: Nov 9, 2025
  • CVE: CVE-2017-14048
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

Software From Fixed in
blackcat-cms / blackcat_cms 1.2 1.2.x