Bigtree Cms@* Security Vulnerabilities and Issues — Bigtree Cms@* CVE List

Lucene search

BigtreecmsBigtree Cms*

3 matches found

CVE•added 2018/04/30 8:29 p.m.•39 views

CVE-2018-10574

site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files.

9.8CVSS9.8AI score0.00925EPSS

CVE•added 2018/04/30 9:29 p.m.•31 views

CVE-2018-10364

BigTree before 4.2.22 has XSS in the Users management page via the name or company field.

5.4CVSS5.2AI score0.00227EPSS

CVE•added 2018/10/19 8:29 p.m.•30 views

CVE-2018-18380

A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The Session Fixation could allow an attacker to hijack an admin session.

5.8CVSS5.4AI score0.00251EPSS