CVE-2020-25453
Published: 2020-09-15

CVE-2020-25453: An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution.

Priority: P2 60 · Severity: high · CVSS 3.1 base score: 8.8
Vector: AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EXPLOIT · EPSS: 6.28% (92.7th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| blackcat-cms | blackcat_cms | < 1.4 | 1.4 |
Detection & IOCs (extracted from sources)
- Detect CSRF exploitation attempts against BlackCat CMS by monitoring for POST requests to CMS endpoints where the csrf_token parameter is absent or empty: the PoC explicitly removes the csrf_token value to bypass protection.
- The vulnerability allows remote arbitrary code execution via CSRF token bypass; alert on unexpected code execution or file write events originating from web server processes running BlackCat CMS versions prior to 1.4.
- The CSRF bypass specifically targets BlackCat CMS versions before 1.4 (confirmed affected version: 1.3.6); detections should be scoped to installations running these versions.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
No detection rules found.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/159237/BlackCat-CMS-1.3.6-Cross-Site-Request-Forgery.html
- https://github.com/BlackCatDevelopment/BlackCatCMS/issues/389