Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigtree cms vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-9364
Unrestricted File Upload exists in BigTree CMS up to and including 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code.
Bigtreecms Bigtree Cms
8.8
CVSSv3
CVE-2017-9365
CSRF exists in BigTree CMS up to and including 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked.
Bigtreecms Bigtree Cms
5.4
CVSSv3
CVE-2018-10364
BigTree prior to 4.2.22 has XSS in the Users management page via the name or company field.
Bigtreecms Bigtree Cms
5.4
CVSSv3
CVE-2016-10223
An issue exists in BigTree CMS prior to 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute ar...
Bigtreecms Bigtree Cms
5.4
CVSSv3
CVE-2018-18380
A Session Fixation issue exists in Bigtree prior to 4.2.24. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The Session Fixation could allow an malicious user to hijack an admin session.
Bigtreecms Bigtree Cms
8.8
CVSSv3
CVE-2020-26668
A SQL injection vulnerability exists in /core/feeds/custom.php in BigTree CMS 4.4.10 and previous versions which allows an authenticated malicious user to inject a malicious SQL query to the applications via the 'Create New Feed' function.
Bigtreecms Bigtree Cms
5.4
CVSSv3
CVE-2020-26669
A stored cross-site scripting (XSS) vulnerability exists in BigTree CMS 4.4.10 and previous versions which allows an authenticated malicious user to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update.
Bigtreecms Bigtree Cms
8.8
CVSSv3
CVE-2020-26670
A vulnerability has been discovered in BigTree CMS 4.4.10 and previous versions which allows an authenticated malicious user to execute arbitrary commands through a crafted request sent to the server via the 'Create a New Setting' function.
Bigtreecms Bigtree Cms
9.8
CVSSv3
CVE-2018-10574
site/index.php/admin/trees/add/ in BigTree 4.2.22 and previous versions allows remote malicious users to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files.
Bigtreecms Bigtree Cms
5.4
CVSSv3
CVE-2020-18467
Cross Site Scripting (XSS) vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create.
Bigtreecms Bigtree Cms 4.4.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »