BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a …\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/…\ URI.
CPE | Name | Operator | Version |
---|---|---|---|
bigtree_cms | eq | 4.2.23 |