4 matches found
BigTree-CMS 4.2.x < 4.2.17 Multiple Vulnerabilities
CVE-2017-6914
CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page. A user can be deleted...
CVE-2017-6914
CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page. A user can be deleted...
CVE-2017-6914
CVE-2017-6914 concerns BigTree CMS, affecting versions 4.1.18 and 4.2.16. The vulnerability is a CSRF flaw triggered by the id parameter to the admin/ajax/users/delete/ endpoint, which allows an arbitrary user to be deleted. The connected Red Hat and other entries corroborate the CSRF nature but ...