Lucene search
K

5 matches found

securityvulns
securityvulns
added 2013/09/09 12:0 a.m.73 views

Multiple Vulnerabilities in BigTree CMS

Advisory ID: HTB23165 Product: BigTree CMS Vendor: BigTree CMS Vulnerable Versions: 4.0 RC2 and probably prior Tested Version: 4.0 RC2 Vendor Notification: July 17, 2013 Vendor Patch: July 17, 2013 Public Disclosure: August 7, 2013 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting...

7.5CVSS0.4AI score0.03295EPSS
Exploits8
Cvelist
Cvelist
added 2013/08/19 12:0 a.m.28 views

CVE-2013-4881

Cross-site request forgery CSRF vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an add user action to index.php...

7AI score0.02199EPSS
Exploits5References5
CVE
CVE
added 2013/08/19 12:0 a.m.62 views

CVE-2013-4881

CVE-2013-4881 is a CSRF vulnerability in BigTree CMS 4.0 RC2 and earlier. The issue lies in core/admin/modules/users/create.php, allowing an attacker to hijack an admin’s session and create a new administrative user via requests to index.php. Exploitation demonstrated with a crafted form that sub...

6.8CVSS7.1AI score0.02199EPSS
Exploits5References5Affected Software1
0day.today
0day.today
added 2013/08/08 12:0 a.m.71 views

BigTree CMS 4.0 RC2 - Multiple Vulnerabilities

BigTree CMS version 4.0 RC2 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. Vendor: BigTree CMS Vulnerable Versions: 4.0 RC2 and probably prior Tested Version: 4.0 RC2 Vendor Notification: July 17, 2013 Vendor Patch: July 17, 2013 Public...

7.5CVSS7.6AI score0.03295EPSS
Exploits8
Exploit DB
Exploit DB
added 2013/08/08 12:0 a.m.66 views

BigTree CMS 4.0 RC2 - Multiple Vulnerabilities

Advisory ID: HTB23165 Product: BigTree CMS Vendor: BigTree CMS Vulnerable Versions: 4.0 RC2 and probably prior Tested Version: 4.0 RC2 Vendor Notification: July 17, 2013 Vendor Patch: July 17, 2013 Public Disclosure: August 7, 2013 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting...

7.5CVSS7AI score0.03295EPSS
Exploits8
Rows per page
Query Builder