Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigtreecms bigtree cms vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2013-5313
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user actio...
Bigtreecms Bigtree Cms 4.0
Bigtreecms Bigtree Cms
435
VMScore
CVE-2013-4880
Cross-site scripting (XSS) vulnerability in core/admin/modules/developer/modules/views/add.php in BigTree CMS 4.0 RC2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the module parameter.
Bigtreecms Bigtree Cms 4.0
Bigtreecms Bigtree Cms
1 EDB exploit
755
VMScore
CVE-2013-4879
SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS 4.0 RC2 and previous versions allows remote malicious users to execute arbitrary SQL commands via the PATH_INFO to index.php.
Bigtreecms Bigtree Cms 4.0
Bigtreecms Bigtree Cms
1 EDB exploit
685
VMScore
CVE-2013-4881
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that create an administrative user via an add user action ...
Bigtreecms Bigtree Cms 4.0
Bigtreecms Bigtree Cms
1 EDB exploit
516
VMScore
CVE-2017-6914
CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page. A user can be deleted.
Bigtreecms Bigtree Cms 4.2.16
Bigtreecms Bigtree Cms 4.1.8
312
VMScore
CVE-2016-10223
An issue exists in BigTree CMS prior to 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute ar...
Bigtreecms Bigtree Cms
605
VMScore
CVE-2017-9365
CSRF exists in BigTree CMS up to and including 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked.
Bigtreecms Bigtree Cms
312
VMScore
CVE-2017-9448
Cross-site scripting (XSS) vulnerabilities in BigTree CMS up to and including 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. This issue exists in core\admin\ajax\pages\save-revision.php and core\admin\modules\pages\re...
Bigtreecms Bigtree Cms
578
VMScore
CVE-2017-9449
SQL injection vulnerability in BigTree CMS up to and including 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ ...
Bigtreecms Bigtree Cms
312
VMScore
CVE-2017-9547
admin.php in BigTree up to and including 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is schedu...
Bigtreecms Bigtree Cms
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »