CVE-2023-53892

7.2 HIGH

📋 TL;DR

Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can execute arbitrary system commands by uploading a zip file with a PHP shell script and accessing it with a 'code' parameter. This affects all Blackcat CMS 1.4 installations with administrator accounts.

💻 Affected Systems

Products:
  • Blackcat CMS
Versions: 1.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrator-level authentication to exploit.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, steal data, install malware, or pivot to other systems.

🟠

Likely Case

Attackers with administrator credentials upload web shells to maintain persistent access and execute commands on the server.

🟢

If Mitigated

Limited impact if proper access controls and file upload restrictions are in place.

🌐 Internet-Facing: HIGH - Internet-facing Blackcat CMS installations are directly accessible to attackers.
🏢 Internal Only: MEDIUM - Internal systems are still vulnerable to insider threats or compromised credentials.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires administrator credentials but is straightforward to execute with publicly available proof-of-concept code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://blackcat-cms.org/

Restart Required: No

Instructions:

No official patch is available. Upgrade to a newer version if one exists; otherwise apply the workarounds below.

🔧 Temporary Workarounds

Disable jquery plugin manager

Platform: linux

Remove or disable the vulnerable jquery plugin manager component.

# Remove or rename the jquery plugin manager directory
mv /path/to/blackcat/plugins/jquery /path/to/blackcat/plugins/jquery.disabled

Restrict file uploads

Platform: all

Configure the web server to block PHP execution from upload directories. The .htaccess directives below assume Apache with mod_php and an AllowOverride setting that permits them; under PHP-FPM/FastCGI the php_flag directive is not recognised and produces a 500 error, so there use a handler-based deny rule (or the equivalent location rule on nginx) for the same directories.

# Add to .htaccess in upload directories:
php_flag engine off
RemoveHandler .php .phtml .php3
RemoveType .php .phtml .php3
AddType text/plain .php .phtml .php3

🧯 If You Can't Patch

  • Implement strict access controls and monitor administrator accounts for suspicious activity.
  • Deploy web application firewall (WAF) rules to block malicious file uploads and PHP execution attempts.

🔍 How to Verify

Check if Vulnerable:

Check if Blackcat CMS version is 1.4 and if the jquery plugin manager is accessible to administrators.

Check Version:

Check Blackcat CMS configuration files or admin panel for version information.

Verify Fix Applied:

Verify that PHP files cannot be uploaded via the jquery plugin manager or executed from upload directories.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to plugin directories
  • PHP file execution from non-standard locations
  • Administrator account logins from suspicious IPs

Network Indicators:

  • HTTP POST requests with zip files to plugin upload endpoints
  • Requests to PHP files with 'code' parameters in URLs

SIEM Query:

source="web_logs" AND (uri="/plugins/jquery/upload" OR uri MATCHES "*.php?code=*")
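The SIEM query above expresses the two network indicators as a single pattern. As an added example (not part of the advisory and not Blackcat CMS code), the script below applies the same two indicators to Apache combined-format access-log lines and additionally correlates them per client IP, flagging a PHP request carrying a 'code' parameter that follows a plugin upload POST from the same address. The upload path pattern is taken from the advisory's SIEM query; the exact endpoint in a given installation is an assumption, and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - admin [12/Mar/2024:10:01:02 +0000] "POST /backend/plugins/jquery/upload HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:01:09 +0000] "GET /plugins/jquery/uploaded.php?code=abc HTTP/1.1" 200 128 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2024:10:02:30 +0000] "GET /index.php?page=home HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.9 - editor [12/Mar/2024:10:03:11 +0000] "GET /pages/about.php HTTP/1.1" 200 2048 "-" "curl/8.0"
"""

# Apache combined log format: ip ident user [timestamp] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Upload endpoint pattern based on the advisory's SIEM query; the real path in
# a given installation may differ (assumption), so match loosely on the plugin path.
UPLOAD_PATH_RE = re.compile(r'/plugins/jquery/.*upload', re.IGNORECASE)


def parse_line(line):
    """Parse one access-log line into a dict; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = parse_qs(parts.query)
    return rec


def classify(rec):
    """Return the indicator names from the advisory triggered by one request."""
    hits = []
    if rec["method"] == "POST" and UPLOAD_PATH_RE.search(rec["path"]):
        hits.append("plugin_upload_post")
    if rec["path"].lower().endswith(".php") and "code" in rec["query"]:
        hits.append("php_code_param")
        if "/plugins/" in rec["path"].lower():
            hits.append("php_under_plugins")
    return hits


def scan(log_text):
    """Scan log text and return findings, correlating upload and execution per IP."""
    findings = []
    uploaders = set()  # client IPs already seen POSTing to the plugin upload endpoint
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hits = classify(rec)
        if "plugin_upload_post" in hits:
            uploaders.add(rec["ip"])
        elif "php_code_param" in hits and rec["ip"] in uploaders:
            hits.append("follows_upload_from_same_ip")
        if hits:
            findings.append({
                "ip": rec["ip"],
                "user": rec["user"],
                "path": rec["path"],
                "indicators": hits,
            })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents; the per-IP correlation is what lifts a noisy 'code' parameter match into an alert worth paging on, since legitimate pages may use a parameter of that name.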
