Lucene search
K

297 matches found

ATTACKERKB
ATTACKERKB
added 2022/08/03 1:15 a.m.2 views

CVE-2022-36197

BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file...

5.4CVSS6.4AI score0.00474EPSS
Exploits1References2
NVD
NVD
added 2022/08/03 1:15 a.m.21 views

CVE-2022-36197

BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file...

5.4CVSS0.00474EPSS
Exploits1References1
OSV
OSV
added 2022/08/03 1:15 a.m.5 views

CVE-2022-36197

BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file...

5.4CVSS6.1AI score0.00474EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/08/03 12:3 a.m.26 views

CVE-2022-36197

BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file...

6.3AI score0.00474EPSS
Exploits1References1
CVE
CVE
added 2022/08/03 12:3 a.m.58 views

CVE-2022-36197

BigTree CMS 4.4.16 contains an arbitrary file upload vulnerability that enables remote code execution via a crafted PDF file. The issue is described across sources as an arbitrary file upload vulnerability affecting BigTree CMS, with CVE-2022-36197 (NVD: CVSS v3.1 base score 5.4; AV:N/AC:L/PR:L/U...

5.4CVSS6.1AI score0.00474EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2022/08/03 12:0 a.m.5 views

BigTree CMS 跨站脚本漏洞

BigTree CMS is a content management system. A security vulnerability exists in BigTree CMS version 4.4.16, which stems from the inclusion of an arbitrary file upload issue that allows an attacker to execute arbitrary code via a crafted PDF file...

5.4CVSS6.3AI score0.00474EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/08/03 12:0 a.m.4 views

PT-2022-23254 · Unknown · Bigtree Cms

Name of the Vulnerable Software and Affected Versions: BigTree CMS version 4.4.16 Description: The issue allows attackers to execute arbitrary code via a crafted PDF file, exploiting an arbitrary file upload vulnerability. Recommendations: For BigTree CMS version 4.4.16, update to a version that...

5.4CVSS6AI score0.00474EPSS
Exploits1References6
OSV
OSV
added 2021/08/26 6:15 p.m.20 views

CVE-2020-18467

Cross Site Scripting XSS vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create...

5.4CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2021/08/26 6:15 p.m.30 views

CVE-2020-18467

Cross Site Scripting XSS vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create...

5.4CVSS0.00473EPSS
Exploits1References1
Prion
Prion
added 2021/08/26 6:15 p.m.14 views

Cross site scripting

Cross Site Scripting XSS vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create...

3.5CVSS5.1AI score0.00473EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/08/26 5:28 p.m.32 views

CVE-2020-18467

Cross Site Scripting XSS vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create...

5.1AI score0.00473EPSS
Exploits1References1
CVE
CVE
added 2021/08/26 5:28 p.m.53 views

CVE-2020-18467

CVE-2020-18467 concerns a cross-site scripting (XSS) vulnerability in BigTree-CMS 4.4.3. The issue arises in the tag name field on the Tags page under General, exploitable by an authenticated user via a crafted website name submitted to admin/tags/create. The documented impact is XSS, with practi...

5.4CVSS5.1AI score0.00473EPSS
Exploits1References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/06/09 12:0 a.m.6 views

The vulnerability of the /core/feeds/custom.php component of the BigTree CMS content management system allows a hacker to execute arbitrary SQL queries.

The vulnerability of the /core/feeds/custom.php component of the BigTree CMS content management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

10CVSS8AI score0.01395EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2021/06/02 12:0 a.m.9 views

BigTree CMS Remote Code Execution Vulnerability (CNVD-2021-39687)

BigTree CMS is an open source content management system based on PHP and MySQL. A remote code execution vulnerability exists in BigTree CMS 4.4.10 and earlier versions. The vulnerability can be exploited to execute arbitrary commands by sending a specially crafted request to the server via the...

8.8CVSS8.4AI score0.01819EPSS
Exploits1References1
CNVD
CNVD
added 2021/06/02 12:0 a.m.7 views

BigTree CMS SQL Injection Vulnerability (CNVD-2021-39686)

BigTree CMS is an open source content management system based on PHP and MySQL. A SQL injection vulnerability exists in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier versions. An attacker can exploit this vulnerability to inject malicious SQL queries into the application via the 'Creat...

8.8CVSS7.7AI score0.01395EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2021/06/02 12:0 a.m.15 views

BigTree CMS Multiple Vulnerabilities (Sep 2020)

BigTree CMS is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS7AI score0.01819EPSS
Exploits3References1
NVD
NVD
added 2021/06/01 3:15 p.m.25 views

CVE-2020-26669

A stored cross-site scripting XSS vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update...

5.4CVSS0.00604EPSS
Exploits1References1
OSV
OSV
added 2021/06/01 3:15 p.m.9 views

CVE-2020-26670

A vulnerability has been discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary commands through a crafted request sent to the server via the 'Create a New Setting' function...

8.8CVSS7.5AI score
Exploits0References1
OSV
OSV
added 2021/06/01 3:15 p.m.14 views

CVE-2020-26669

A stored cross-site scripting XSS vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update...

5.4CVSS5.4AI score0.00604EPSS
Exploits1References1
NVD
NVD
added 2021/06/01 3:15 p.m.17 views

CVE-2020-26670

A vulnerability has been discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary commands through a crafted request sent to the server via the 'Create a New Setting' function...

8.8CVSS0.01819EPSS
Exploits1References1
Rows per page
Query Builder