Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigtreecms bigtree cms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-5313
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user actio...
Bigtreecms Bigtree Cms 4.0
Bigtreecms Bigtree Cms
NA
CVE-2013-4879
SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS 4.0 RC2 and previous versions allows remote malicious users to execute arbitrary SQL commands via the PATH_INFO to index.php.
Bigtreecms Bigtree Cms 4.0
Bigtreecms Bigtree Cms
1 EDB exploit
NA
CVE-2013-4880
Cross-site scripting (XSS) vulnerability in core/admin/modules/developer/modules/views/add.php in BigTree CMS 4.0 RC2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the module parameter.
Bigtreecms Bigtree Cms 4.0
Bigtreecms Bigtree Cms
1 EDB exploit
NA
CVE-2013-4881
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that create an administrative user via an add user action ...
Bigtreecms Bigtree Cms 4.0
Bigtreecms Bigtree Cms
1 EDB exploit
7.1
CVSSv3
CVE-2017-6914
CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page. A user can be deleted.
Bigtreecms Bigtree Cms 4.2.16
Bigtreecms Bigtree Cms 4.1.8
5.4
CVSSv3
CVE-2018-10364
BigTree prior to 4.2.22 has XSS in the Users management page via the name or company field.
Bigtreecms Bigtree Cms
5.4
CVSSv3
CVE-2020-26669
A stored cross-site scripting (XSS) vulnerability exists in BigTree CMS 4.4.10 and previous versions which allows an authenticated malicious user to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update.
Bigtreecms Bigtree Cms
8.8
CVSSv3
CVE-2020-26670
A vulnerability has been discovered in BigTree CMS 4.4.10 and previous versions which allows an authenticated malicious user to execute arbitrary commands through a crafted request sent to the server via the 'Create a New Setting' function.
Bigtreecms Bigtree Cms
9.8
CVSSv3
CVE-2017-7695
Unrestricted File Upload exists in BigTree CMS prior to 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code.
Bigtreecms Bigtree Cms
6.5
CVSSv3
CVE-2017-16961
A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS up to and including 4.2.19 allows remote authenticated malicious users to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/t...
Bigtreecms Bigtree Cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »