{"id":"CVE-2017-14399","details":"In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\\media\\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php.","modified":"2026-03-13T23:35:00.245884Z","published":"2017-09-12T21:29:00.503Z","references":[{"type":"ADVISORY","url":"https://github.com/SPuerBRead/blackcat-cms-file-upload/blob/master/README.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/blackcatdevelopment/blackcatcms","events":[{"introduced":"0"},{"last_affected":"e2133eceefe7401c14c0e09af726039ea95b25a6"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.2.2"}]}}],"versions":["1.0","1.0.3","1.1","1.2","1.2.1","1.2.1RC1","1.2.2","v1.0.1","v1.0.2","v1.0.2a"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14399.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}