BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: "The issue reported requires full developer level access to the content management system where cross site scripting is not an issue – you already have full control of the CMS including running arbitrary PHP.
[
{
"cpes": [
"cpe:2.3:a:bigtreecms:bigtree:4.3:*:*:*:*:*:*:*"
],
"vendor": "bigtreecms",
"product": "bigtree",
"versions": [
{
"status": "affected",
"version": "4.3"
}
],
"defaultStatus": "unknown"
}
]