CVE-2018-17341

2022-10-0316:22:11

mitre

www.cve.org

bigtree

4.2.23

windows

authentication bypass

remote attackers

8.2 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.9%

JSON

BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a …\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/…\ URI.

References

github.com/bigtreecms/BigTree-CMS/issues/345