CVE-2023-53892

Description

Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary system commands by accessing the uploaded plugin's PHP file with a 'code' parameter.

PUBLISHED Reserved 2025-12-15 | Published 2025-12-15 | Updated 2025-12-15 | Assigner VulnCheck

Problem types

Unrestricted Upload of File with Dangerous Type

Product status

Credits

Mirabbas Ağalarov finder

References

www.exploit-db.com/exploits/51605 exploit

www.exploit-db.com/exploits/51605 (ExploitDB-51605) exploit

blackcat-cms.org/ (BlackCat CMS Product Webpage) product

www.vulncheck.com/...ode-execution-via-jquery-plugin-manager (VulnCheck Advisory: Blackcat CMS 1.4 Remote Code Execution via Jquery Plugin Manager) third-party-advisory

cve.org (CVE-2023-53892)

nvd.nist.gov (CVE-2023-53892)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.