408 matches found
CVE-2013-4880
Cross-site scripting XSS vulnerability in core/admin/modules/developer/modules/views/add.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter...
CVE-2013-4879
Vulnerability: CVE-2013-4879 affects BigTree CMS 4.0 RC2 and earlier, due to an SQL injection in the code path that processes input via PATH_INFO to index.php (affecting core/inc/bigtree/cms.php). The root cause is insufficient sanitization/validation of user-supplied data, enabling remote attack...
CVE-2013-4880
CVE-2013-4880 is an XSS vulnerability affecting BigTree CMS 4.0 RC2 and earlier, in core/admin/modules/developer/modules/views/add.php where the module parameter is unsafely handled. The issue allows a remote attacker to inject arbitrary HTML/script by crafting a link such as /site/index.php/admi...
BigTree CMS 4.0 RC2 XSS / CSRF / SQL Injection
Advisory ID: HTB23165 Product: BigTree CMS Vendor: BigTree CMS Vulnerable Versions: 4.0 RC2 and probably prior Tested Version: 4.0 RC2 Vendor Notification: July 17, 2013 Vendor Patch: July 17, 2013 Public Disclosure: August 7, 2013 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting...
BigTree CMS 4.0 RC2 - Multiple Vulnerabilities
Advisory ID: HTB23165 Product: BigTree CMS Vendor: BigTree CMS Vulnerable Versions: 4.0 RC2 and probably prior Tested Version: 4.0 RC2 Vendor Notification: July 17, 2013 Vendor Patch: July 17, 2013 Public Disclosure: August 7, 2013 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting...
BigTree CMS 4.0 RC2 - Multiple Vulnerabilities
BigTree CMS 4.0 RC2 - Multiple Vulnerabilities Advisory ID: HTB23165 Product: BigTree CMS Vendor: BigTree CMS Vulnerable Versions: 4.0 RC2 and probably prior Tested Version: 4.0 RC2 Vendor Notification: July 17, 2013 Vendor Patch: July 17, 2013 Public Disclosure: August 7, 2013 Vulnerability Type...
Multiple Vulnerabilities in BigTree CMS
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in BigTree CMS, which can be exploited to perform SQL injection, Cross-Site Scripting XSS and Cross-Site Request Forgery CSRF attacks. A remote attacker can add, modify or delete information in application's database and...
BigTree CMS Cross Site Request Forgery Vulnerability
BigTree CMS Cross Site Request Forgery Vulnerability. CVE-2013-4881. Webapps exploit for php platform source: http://www.securityfocus.com/bid/61702/info BigTree CMS is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain...