BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a …\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/…\ URI.
CPE | Name | Operator | Version |
---|---|---|---|
bigtree-cms | eq | 4.0beta6 | |
bigtree-cms | eq | 4.2.12 | |
bigtree-cms | eq | 4.2 | |
bigtree-cms | eq | 4.0beta2 | |
bigtree-cms | eq | 4.2.23 | |
bigtree-cms | eq | 4.2.19 | |
bigtree-cms | eq | 4.2.7 | |
bigtree-cms | eq | 4.1.6 | |
bigtree-cms | eq | 4.2.21 | |
bigtree-cms | eq | 4.2.3 |