Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigtreecms bigtree cms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-44954
Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote malicious user to execute arbitrary code via the ID parameter in the Developer Settings functions.
Bigtreecms Bigtree Cms 4.5.7
4.3
CVSSv2
CVE-2017-6915
CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the admin/settings/update/ page. The Colophon can be changed.
Bigtreecms Bigtree Cms 4.1.8
4.3
CVSSv2
CVE-2017-6916
CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to the admin/settings/update/ page. The Navigation Social can be changed.
Bigtreecms Bigtree Cms 4.1.8
4.3
CVSSv2
CVE-2017-6917
CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admin/settings/update/ page. The Colophon can be changed.
Bigtreecms Bigtree Cms 4.2.16
4.3
CVSSv2
CVE-2017-6918
CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to the admin/settings/update/ page. The Navigation Social can be changed.
Bigtreecms Bigtree Cms 4.2.16
6
CVSSv2
CVE-2018-17030
BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php.
Bigtreecms Bigtree Cms 4.2.23
4.3
CVSSv2
CVE-2018-10183
An issue exists in BigTree 4.2.22. There is cross-site scripting (XSS) in /core/inc/lib/less.php/test/index.php because of a $_SERVER['REQUEST_URI'] echo, as demonstrated by the dir parameter in a file=charsets action.
Bigtreecms Bigtree Cms 4.2.22
3.5
CVSSv2
CVE-2018-6013
Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to inject arbitrary web script or HTML via the directory parameter. This issue exists in core/admin/ajax/developer/extensions/file-browser.php.
Bigtreecms Bigtree Cms 4.2.19
3.5
CVSSv2
CVE-2020-18467
Cross Site Scripting (XSS) vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create.
Bigtreecms Bigtree Cms 4.4.3
4.3
CVSSv2
CVE-2018-1000521
BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /users/create that can result in The low-privileged users can use this vulnerability to attack high-privileged(Developer) users.. This attack appear to be exploitable via no. This vulnerability appears to have bee...
Bigtreecms Bigtree Cms 4.2.21
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »