Lucene search
GoogleOSV:CVE-2020-26668HistoryJun 01, 2021 - 3:15 p.m.
CVE-2020-26668
2021-06-0115:15:07
Google
osv.dev
3
A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to inject a malicious SQL query to the applications via the ‘Create New Feed’ function.
| CPE | Name | Operator | Version |
|---|---|---|---|
| bigtree-cms | eq | 4.2.14 | |
| bigtree-cms | eq | 4.2.17 | |
| bigtree-cms | eq | 4.0 | |
| bigtree-cms | eq | 4.3 | |
| bigtree-cms | eq | 4.4.5 | |
| bigtree-cms | eq | 4.4.10 | |
| bigtree-cms | eq | RC2 | |
| bigtree-cms | eq | 4.0RC2 | |
| bigtree-cms | eq | 4.4.4 | |
| bigtree-cms | eq | 4.4.9 |
References
Related
cvelist
cvelist
CVE-2020-26668
2021-06-01 14:13:23
cve
cve
CVE-2020-26668
2021-06-01 15:15:07
nvd
nvd
CVE-2020-26668
2021-06-01 15:15:07
prion
prion
Sql injection
2021-06-01 15:15:00
openvas
openvas
BigTree CMS Multiple Vulnerabilities (Sep 2020)
2021-06-02 00:00:00