5 matches found
Multiple Vulnerabilities in BigTree CMS
Advisory ID: HTB23165 Product: BigTree CMS Vendor: BigTree CMS Vulnerable Versions: 4.0 RC2 and probably prior Tested Version: 4.0 RC2 Vendor Notification: July 17, 2013 Vendor Patch: July 17, 2013 Public Disclosure: August 7, 2013 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting...
CVE-2013-4881
Cross-site request forgery CSRF vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an add user action to index.php...
CVE-2013-4881
CVE-2013-4881 is a CSRF vulnerability in BigTree CMS 4.0 RC2 and earlier. The issue lies in core/admin/modules/users/create.php, allowing an attacker to hijack an admin’s session and create a new administrative user via requests to index.php. Exploitation demonstrated with a crafted form that sub...
BigTree CMS 4.0 RC2 - Multiple Vulnerabilities
BigTree CMS version 4.0 RC2 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. Vendor: BigTree CMS Vulnerable Versions: 4.0 RC2 and probably prior Tested Version: 4.0 RC2 Vendor Notification: July 17, 2013 Vendor Patch: July 17, 2013 Public...
BigTree CMS 4.0 RC2 - Multiple Vulnerabilities
Advisory ID: HTB23165 Product: BigTree CMS Vendor: BigTree CMS Vulnerable Versions: 4.0 RC2 and probably prior Tested Version: 4.0 RC2 Vendor Notification: July 17, 2013 Vendor Patch: July 17, 2013 Public Disclosure: August 7, 2013 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting...