Lucene search
GoogleOSV:CVE-2017-16961HistoryNov 27, 2017 - 10:29 a.m.
CVE-2017-16961
2017-11-2710:29:00
Google
osv.dev
4
A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a crafted _tags[] parameter that is mishandled in a later admin/ajax/dashboard/approve-change request.
| CPE | Name | Operator | Version |
|---|---|---|---|
| bigtree-cms | eq | 4.0beta6 | |
| bigtree-cms | eq | 4.2.12 | |
| bigtree-cms | eq | 4.2 | |
| bigtree-cms | eq | 4.0beta2 | |
| bigtree-cms | eq | 4.2.19 | |
| bigtree-cms | eq | 4.2.7 | |
| bigtree-cms | eq | 4.1.6 | |
| bigtree-cms | eq | 4.2.3 | |
| bigtree-cms | eq | 4.2.14 | |
| bigtree-cms | eq | 4.2.9 |
Related
openvas
openvas
BigTree CMS SQL Injection Vulnerability (2)
2017-11-28 00:00:00
cvelist
cvelist
CVE-2017-16961
2017-11-27 10:00:00
prion
prion
Sql injection
2017-11-27 10:29:00
nvd
nvd
CVE-2017-16961
2017-11-27 10:29:00
cve
cve
CVE-2017-16961
2017-11-27 10:29:00