Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigtreecms bigtree cms vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-10574
site/index.php/admin/trees/add/ in BigTree 4.2.22 and previous versions allows remote malicious users to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files.
Bigtreecms Bigtree Cms
9.8
CVSSv3
CVE-2017-7695
Unrestricted File Upload exists in BigTree CMS prior to 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code.
Bigtreecms Bigtree Cms
5.4
CVSSv3
CVE-2017-9547
admin.php in BigTree up to and including 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is schedu...
Bigtreecms Bigtree Cms
5.4
CVSSv3
CVE-2016-10223
An issue exists in BigTree CMS prior to 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute ar...
Bigtreecms Bigtree Cms
5.4
CVSSv3
CVE-2018-18380
A Session Fixation issue exists in Bigtree prior to 4.2.24. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The Session Fixation could allow an malicious user to hijack an admin session.
Bigtreecms Bigtree Cms
5.4
CVSSv3
CVE-2018-10364
BigTree prior to 4.2.22 has XSS in the Users management page via the name or company field.
Bigtreecms Bigtree Cms
6.5
CVSSv3
CVE-2017-9378
BigTree CMS up to and including 4.2.18 does not prevent a user from deleting their own account. This could have security relevance because deletion was supposed to be an admin-only action, and the admin may have other tasks (such as data backups) to complete before a user is dele...
Bigtreecms Bigtree Cms
8.8
CVSSv3
CVE-2017-7881
BigTree CMS up to and including 4.2.17 relies on a substring check for CSRF protection, which allows remote malicious users to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modules/deve...
Bigtreecms Bigtree Cms
2 Github repositories
6.5
CVSSv3
CVE-2017-16961
A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS up to and including 4.2.19 allows remote authenticated malicious users to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/t...
Bigtreecms Bigtree Cms
5.4
CVSSv3
CVE-2022-36197
BigTree CMS 4.4.16 exists to contain an arbitrary file upload vulnerability which allows malicious users to execute arbitrary code via a crafted PDF file.
Bigtreecms Bigtree Cms 4.4.16
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »