Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigtreecms vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2013-4881
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that create an administrative user via an add user action ...
Bigtreecms Bigtree Cms 4.0
Bigtreecms Bigtree Cms
1 EDB exploit
6.8
CVSSv2
CVE-2013-5313
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user actio...
Bigtreecms Bigtree Cms 4.0
Bigtreecms Bigtree Cms
7.5
CVSSv2
CVE-2013-4879
SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS 4.0 RC2 and previous versions allows remote malicious users to execute arbitrary SQL commands via the PATH_INFO to index.php.
Bigtreecms Bigtree Cms 4.0
Bigtreecms Bigtree Cms
1 EDB exploit
4.3
CVSSv2
CVE-2013-4880
Cross-site scripting (XSS) vulnerability in core/admin/modules/developer/modules/views/add.php in BigTree CMS 4.0 RC2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the module parameter.
Bigtreecms Bigtree Cms 4.0
Bigtreecms Bigtree Cms
1 EDB exploit
5.8
CVSSv2
CVE-2017-6914
CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page. A user can be deleted.
Bigtreecms Bigtree Cms 4.2.16
Bigtreecms Bigtree Cms 4.1.8
5
CVSSv2
CVE-2017-9428
A directory traversal vulnerability exists in core\admin\ajax\developer\extensions\file-browser.php in BigTree CMS up to and including 4.2.18 on Windows, allowing malicious users to read arbitrary files via ..\ sequences in the directory parameter.
Bigtreecms Bigtree Cms
6.8
CVSSv2
CVE-2017-9379
Multiple CSRF issues exist in BigTree CMS up to and including 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashboard\vitals-statistics\404\create-301.php.
Bigtreecms Bigtree Cms
6.5
CVSSv2
CVE-2017-9443
BigTree CMS up to and including 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and core\admin\modules\d...
Bigtreecms Bigtree Cms
3.5
CVSSv2
CVE-2017-9548
admin.php in BigTree up to and including 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is schedul...
Bigtreecms Bigtree Cms
7.5
CVSSv2
CVE-2018-10574
site/index.php/admin/trees/add/ in BigTree 4.2.22 and previous versions allows remote malicious users to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files.
Bigtreecms Bigtree Cms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924
CVE-2024-3400
overflow
CVE-2024-23528
CVE-2024-21338
CVE-2024-3818
CVE-2024-23535
NULL pointer dereference
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »