5 matches found
Multiple Vulnerabilities in BigTree CMS
Advisory ID: HTB23165 Product: BigTree CMS Vendor: BigTree CMS Vulnerable Versions: 4.0 RC2 and probably prior Tested Version: 4.0 RC2 Vendor Notification: July 17, 2013 Vendor Patch: July 17, 2013 Public Disclosure: August 7, 2013 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting...
CVE-2013-4880
CVE-2013-4880 is an XSS vulnerability affecting BigTree CMS 4.0 RC2 and earlier, in core/admin/modules/developer/modules/views/add.php where the module parameter is unsafely handled. The issue allows a remote attacker to inject arbitrary HTML/script by crafting a link such as /site/index.php/admi...
CVE-2013-4880
creationtimestamp| type| source ---|---|--- 2013-08-08 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/27431...
BigTree CMS 4.0 RC2 - Multiple Vulnerabilities
BigTree CMS version 4.0 RC2 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. Vendor: BigTree CMS Vulnerable Versions: 4.0 RC2 and probably prior Tested Version: 4.0 RC2 Vendor Notification: July 17, 2013 Vendor Patch: July 17, 2013 Public...
BigTree CMS 4.0 RC2 - Multiple Vulnerabilities
Advisory ID: HTB23165 Product: BigTree CMS Vendor: BigTree CMS Vulnerable Versions: 4.0 RC2 and probably prior Tested Version: 4.0 RC2 Vendor Notification: July 17, 2013 Vendor Patch: July 17, 2013 Public Disclosure: August 7, 2013 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting...