297 matches found
CVE-2022-36197
BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file...
CVE-2022-36197
BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file...
CVE-2022-36197
BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file...
CVE-2022-36197
BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file...
CVE-2022-36197
BigTree CMS 4.4.16 contains an arbitrary file upload vulnerability that enables remote code execution via a crafted PDF file. The issue is described across sources as an arbitrary file upload vulnerability affecting BigTree CMS, with CVE-2022-36197 (NVD: CVSS v3.1 base score 5.4; AV:N/AC:L/PR:L/U...
BigTree CMS 跨站脚本漏洞
BigTree CMS is a content management system. A security vulnerability exists in BigTree CMS version 4.4.16, which stems from the inclusion of an arbitrary file upload issue that allows an attacker to execute arbitrary code via a crafted PDF file...
PT-2022-23254 · Unknown · Bigtree Cms
Name of the Vulnerable Software and Affected Versions: BigTree CMS version 4.4.16 Description: The issue allows attackers to execute arbitrary code via a crafted PDF file, exploiting an arbitrary file upload vulnerability. Recommendations: For BigTree CMS version 4.4.16, update to a version that...
CVE-2020-18467
Cross Site Scripting XSS vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create...
CVE-2020-18467
Cross Site Scripting XSS vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create...
Cross site scripting
Cross Site Scripting XSS vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create...
CVE-2020-18467
Cross Site Scripting XSS vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create...
CVE-2020-18467
CVE-2020-18467 concerns a cross-site scripting (XSS) vulnerability in BigTree-CMS 4.4.3. The issue arises in the tag name field on the Tags page under General, exploitable by an authenticated user via a crafted website name submitted to admin/tags/create. The documented impact is XSS, with practi...
The vulnerability of the /core/feeds/custom.php component of the BigTree CMS content management system allows a hacker to execute arbitrary SQL queries.
The vulnerability of the /core/feeds/custom.php component of the BigTree CMS content management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
BigTree CMS Remote Code Execution Vulnerability (CNVD-2021-39687)
BigTree CMS is an open source content management system based on PHP and MySQL. A remote code execution vulnerability exists in BigTree CMS 4.4.10 and earlier versions. The vulnerability can be exploited to execute arbitrary commands by sending a specially crafted request to the server via the...
BigTree CMS SQL Injection Vulnerability (CNVD-2021-39686)
BigTree CMS is an open source content management system based on PHP and MySQL. A SQL injection vulnerability exists in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier versions. An attacker can exploit this vulnerability to inject malicious SQL queries into the application via the 'Creat...
BigTree CMS Multiple Vulnerabilities (Sep 2020)
BigTree CMS is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2020-26669
A stored cross-site scripting XSS vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update...
CVE-2020-26670
A vulnerability has been discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary commands through a crafted request sent to the server via the 'Create a New Setting' function...
CVE-2020-26669
A stored cross-site scripting XSS vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update...
CVE-2020-26670
A vulnerability has been discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary commands through a crafted request sent to the server via the 'Create a New Setting' function...