Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigtreecms vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2017-16961
A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS up to and including 4.2.19 allows remote authenticated malicious users to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/t...
Bigtreecms Bigtree Cms
7.5
CVSSv2
CVE-2017-7695
Unrestricted File Upload exists in BigTree CMS prior to 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code.
Bigtreecms Bigtree Cms
3.5
CVSSv2
CVE-2020-18467
Cross Site Scripting (XSS) vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create.
Bigtreecms Bigtree Cms 4.4.3
3.5
CVSSv2
CVE-2018-6013
Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to inject arbitrary web script or HTML via the directory parameter. This issue exists in core/admin/ajax/developer/extensions/file-browser.php.
Bigtreecms Bigtree Cms 4.2.19
4.3
CVSSv2
CVE-2017-6915
CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the admin/settings/update/ page. The Colophon can be changed.
Bigtreecms Bigtree Cms 4.1.8
4.3
CVSSv2
CVE-2017-6916
CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to the admin/settings/update/ page. The Navigation Social can be changed.
Bigtreecms Bigtree Cms 4.1.8
4.3
CVSSv2
CVE-2017-6918
CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to the admin/settings/update/ page. The Navigation Social can be changed.
Bigtreecms Bigtree Cms 4.2.16
4.3
CVSSv2
CVE-2017-6917
CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admin/settings/update/ page. The Colophon can be changed.
Bigtreecms Bigtree Cms 4.2.16
4.3
CVSSv2
CVE-2018-18308
In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been discovered in /admin/ajax/file-browser/upload/ (aka the image upload area).
Bigtreecms Bigtree Cms 4.2.23
1 EDB exploit
NA
CVE-2022-36197
BigTree CMS 4.4.16 exists to contain an arbitrary file upload vulnerability which allows malicious users to execute arbitrary code via a crafted PDF file.
Bigtreecms Bigtree Cms 4.4.16
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »