Directory Traversal Vulnerability in BlackCat CMS by BlackCat Software
CVE-2015-5079

7.5HIGH

Key Information:

Vendor

Blackcat-cms

Status
Blackcat Cms
Vendor
CVE Published:
28 February 2018

What is CVE-2015-5079?

The BlackCat CMS is affected by a directory traversal vulnerability located in the widgets/logs.php file. This security flaw enables remote attackers to read arbitrary files on the server if they manipulate the dl parameter with the traversal sequence '..' (dot dot). This exposure can lead to serious data breaches if sensitive files are accessed. It is essential for users to update their BlackCat CMS to version 1.1.2 or later to mitigate this risk. For more details, please refer to the advisory articles linked below.

References

http://packetstormsecurity.com/files/132541/BlackCat-CMS-...
x_refsource_MISC
https://www.htbridge.com/advisory/HTB23263
x_refsource_MISC
http://www.securityfocus.com/archive/1/535900/100/0/threaded
mailing-listx_refsource_BUGTRAQ

EPSS Score

31% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.