Cross-Site Request Forgery in BlackCat CMS by BlackCat Development
CVE-2020-25453

8.8 HIGH

Key Information:

Vendor
CVE Published: 15 September 2020

What is CVE-2020-25453?

A serious CSRF vulnerability exists in BlackCat CMS versions prior to 1.4, allowing attackers to bypass existing CSRF protection mechanisms. This can lead to unauthorized remote code execution, posing significant risks to affected applications. It is crucial for users of BlackCat CMS to update their installations to mitigate these security concerns, as the flaw could potentially be exploited to perform malicious actions on the server.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
