Lucene search
K

408 matches found

Cvelist
Cvelist
added 2013/08/13 6:0 p.m.35 views

CVE-2013-4880

Cross-site scripting XSS vulnerability in core/admin/modules/developer/modules/views/add.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter...

5.6AI score0.03295EPSS
Exploits5References5
CVE
CVE
added 2013/08/13 6:0 p.m.117 views

CVE-2013-4879

Vulnerability: CVE-2013-4879 affects BigTree CMS 4.0 RC2 and earlier, due to an SQL injection in the code path that processes input via PATH_INFO to index.php (affecting core/inc/bigtree/cms.php). The root cause is insufficient sanitization/validation of user-supplied data, enabling remote attack...

7.5CVSS8.3AI score0.03169EPSS
Exploits6References5Affected Software1
CVE
CVE
added 2013/08/13 6:0 p.m.61 views

CVE-2013-4880

CVE-2013-4880 is an XSS vulnerability affecting BigTree CMS 4.0 RC2 and earlier, in core/admin/modules/developer/modules/views/add.php where the module parameter is unsafely handled. The issue allows a remote attacker to inject arbitrary HTML/script by crafting a link such as /site/index.php/admi...

4.3CVSS5.6AI score0.03295EPSS
Exploits5References5Affected Software1
Packet Storm
Packet Storm
added 2013/08/08 12:0 a.m.62 views

BigTree CMS 4.0 RC2 XSS / CSRF / SQL Injection

Advisory ID: HTB23165 Product: BigTree CMS Vendor: BigTree CMS Vulnerable Versions: 4.0 RC2 and probably prior Tested Version: 4.0 RC2 Vendor Notification: July 17, 2013 Vendor Patch: July 17, 2013 Public Disclosure: August 7, 2013 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting...

7.5CVSS0.4AI score0.03295EPSS
Exploits8
Exploit DB
Exploit DB
added 2013/08/08 12:0 a.m.66 views

BigTree CMS 4.0 RC2 - Multiple Vulnerabilities

Advisory ID: HTB23165 Product: BigTree CMS Vendor: BigTree CMS Vulnerable Versions: 4.0 RC2 and probably prior Tested Version: 4.0 RC2 Vendor Notification: July 17, 2013 Vendor Patch: July 17, 2013 Public Disclosure: August 7, 2013 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting...

7.5CVSS7AI score0.03295EPSS
Exploits8
exploitpack
exploitpack
added 2013/08/08 12:0 a.m.89 views

BigTree CMS 4.0 RC2 - Multiple Vulnerabilities

BigTree CMS 4.0 RC2 - Multiple Vulnerabilities Advisory ID: HTB23165 Product: BigTree CMS Vendor: BigTree CMS Vulnerable Versions: 4.0 RC2 and probably prior Tested Version: 4.0 RC2 Vendor Notification: July 17, 2013 Vendor Patch: July 17, 2013 Public Disclosure: August 7, 2013 Vulnerability Type...

7.5CVSS0.5AI score0.03295EPSS
Exploits8
htbridge
htbridge
added 2013/07/17 12:0 a.m.56 views

Multiple Vulnerabilities in BigTree CMS

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in BigTree CMS, which can be exploited to perform SQL injection, Cross-Site Scripting XSS and Cross-Site Request Forgery CSRF attacks. A remote attacker can add, modify or delete information in application's database and...

7.5CVSS8.1AI score0.03295EPSS
Exploits8Affected Software1
Exploit DB
Exploit DB
added 2013/07/17 12:0 a.m.52 views

BigTree CMS Cross Site Request Forgery Vulnerability

BigTree CMS Cross Site Request Forgery Vulnerability. CVE-2013-4881. Webapps exploit for php platform source: http://www.securityfocus.com/bid/61702/info BigTree CMS is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain...

6.8CVSS0.02199EPSS
Exploits5
Rows per page
Query Builder