Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigtreecms vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2017-9546
admin.php in BigTree up to and including 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name.
Bigtreecms Bigtree Cms
3.5
CVSSv2
CVE-2016-10223
An issue exists in BigTree CMS prior to 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute ar...
Bigtreecms Bigtree Cms
6.8
CVSSv2
CVE-2017-9444
BigTree CMS up to and including 4.2.18 has CSRF related to the core\admin\modules\users\profile\update.php script (modify user information), the index.php/admin/developer/packages/delete/ URI (remove packages), the index.php/admin/developer/upgrade/ignore/?versions= URI, and the ...
Bigtreecms Bigtree Cms
3.5
CVSSv2
CVE-2017-9448
Cross-site scripting (XSS) vulnerabilities in BigTree CMS up to and including 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. This issue exists in core\admin\ajax\pages\save-revision.php and core\admin\modules\pages\re...
Bigtreecms Bigtree Cms
3.5
CVSSv2
CVE-2017-9547
admin.php in BigTree up to and including 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is schedu...
Bigtreecms Bigtree Cms
3.5
CVSSv2
CVE-2017-9548
admin.php in BigTree up to and including 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is schedul...
Bigtreecms Bigtree Cms
6.5
CVSSv2
CVE-2020-26668
A SQL injection vulnerability exists in /core/feeds/custom.php in BigTree CMS 4.4.10 and previous versions which allows an authenticated malicious user to inject a malicious SQL query to the applications via the 'Create New Feed' function.
Bigtreecms Bigtree Cms
5.8
CVSSv2
CVE-2018-18380
A Session Fixation issue exists in Bigtree prior to 4.2.24. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The Session Fixation could allow an malicious user to hijack an admin session.
Bigtreecms Bigtree Cms
6.8
CVSSv2
CVE-2017-7881
BigTree CMS up to and including 4.2.17 relies on a substring check for CSRF protection, which allows remote malicious users to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modules/deve...
Bigtreecms Bigtree Cms
2 Github repositories
7.5
CVSSv2
CVE-2017-7695
Unrestricted File Upload exists in BigTree CMS prior to 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code.
Bigtreecms Bigtree Cms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »