Bigtree Cms Security Vulnerabilities and Issues — Bigtree Cms CVE List

Lucene search

BigtreecmsBigtree Cms

4 matches found

CVE•added 2013/08/14 1:49 p.m.•99 views

CVE-2013-4879

SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php.

7.5CVSS8.3AI score0.02034EPSS

Web

CVE•added 2017/06/04 11:29 p.m.•36 views

CVE-2017-9428

A directory traversal vulnerability exists in core\admin\ajax\developer\extensions\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\ sequences in the directory parameter.

7.5CVSS7.5AI score0.00435EPSS

CVE•added 2017/03/15 4:59 p.m.•30 views

CVE-2017-6914

CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page. A user can be deleted.

7.1CVSS7AI score0.0012EPSS

Web

CVE•added 2018/09/14 2:29 a.m.•29 views

CVE-2018-17030

BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php.

7.5CVSS7.6AI score0.02417EPSS