Lucene search
BigtreecmsBigtree Cms4.2.23
3 matches found
CVE-2018-18308
In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been discovered in /admin/ajax/file-browser/upload/ (aka the image upload area).
6.1CVSS5.8AI score0.0604EPSS
CVE-2018-17030
BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php.
7.5CVSS7.6AI score0.02417EPSS
CVE-2018-17341
BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a ..\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/..\ URI.
8.1CVSS8.1AI score0.00461EPSS