CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked.
CPE | Name | Operator | Version |
---|---|---|---|
bigtree-cms | eq | 4.2.8 | |
bigtree-cms | eq | 4.0b7 | |
bigtree-cms | eq | 4.1.3 | |
bigtree-cms | eq | 4.2.17 | |
bigtree-cms | eq | 4.0beta5 | |
bigtree-cms | eq | 4.2.18 | |
bigtree-cms | eq | 4.2.2 | |
bigtree-cms | eq | 4.2.10 | |
bigtree-cms | eq | 4.2.15 | |
bigtree-cms | eq | 4.0.3 |