QwikSec

Security Database

CVE

CWE

Training

CVE-2023-53892

Published: Dec 15, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary system commands by accessing the uploaded plugin's PHP file with a 'code' parameter.

Vendor	Product	Versions
blackcat-cms	Blackcat CMS	affected `1.4`

Weaknesses (CWE)

References

ExploitDB-51605

exploit

BlackCat CMS Product Webpage

product

VulnCheck Advisory: Blackcat CMS 1.4 Remote Code Execution via Jquery Plugin Manager

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.