Upstream information

CVE-2017-13670 at MITRE


In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload.php, as demonstrated by a ZIP archive that contains a .php file.

SUSE information

Overall state of this security issue: Does not affect SUSE products

SUSE Bugzilla entry: 1055713 [RESOLVED / UPSTREAM]

No SUSE Security Announcements cross referenced.

SUSE Timeline for this CVE

CVE page created: Fri Oct 7 12:48:37 2022
CVE page last modified: Sat Apr 22 16:33:10 2023