Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigtreecms bigtree cms vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2018-17341
BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote malicious users to bypass authentication via a ..\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/..\ URI.
Bigtreecms Bigtree Cms 4.2.23
4.3
CVSSv2
CVE-2018-18308
In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been discovered in /admin/ajax/file-browser/upload/ (aka the image upload area).
Bigtreecms Bigtree Cms 4.2.23
1 EDB exploit
4.3
CVSSv2
CVE-2017-6916
CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to the admin/settings/update/ page. The Navigation Social can be changed.
Bigtreecms Bigtree Cms 4.1.8
4.3
CVSSv2
CVE-2017-6918
CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to the admin/settings/update/ page. The Navigation Social can be changed.
Bigtreecms Bigtree Cms 4.2.16
3.5
CVSSv2
CVE-2018-6013
Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to inject arbitrary web script or HTML via the directory parameter. This issue exists in core/admin/ajax/developer/extensions/file-browser.php.
Bigtreecms Bigtree Cms 4.2.19
4.3
CVSSv2
CVE-2018-1000521
BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /users/create that can result in The low-privileged users can use this vulnerability to attack high-privileged(Developer) users.. This attack appear to be exploitable via no. This vulnerability appears to have bee...
Bigtreecms Bigtree Cms 4.2.21
4.3
CVSSv2
CVE-2018-10183
An issue exists in BigTree 4.2.22. There is cross-site scripting (XSS) in /core/inc/lib/less.php/test/index.php because of a $_SERVER['REQUEST_URI'] echo, as demonstrated by the dir parameter in a file=charsets action.
Bigtreecms Bigtree Cms 4.2.22
NA
CVE-2022-36197
BigTree CMS 4.4.16 exists to contain an arbitrary file upload vulnerability which allows malicious users to execute arbitrary code via a crafted PDF file.
Bigtreecms Bigtree Cms 4.4.16
4.3
CVSSv2
CVE-2017-6915
CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the admin/settings/update/ page. The Colophon can be changed.
Bigtreecms Bigtree Cms 4.1.8
3.5
CVSSv2
CVE-2020-18467
Cross Site Scripting (XSS) vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create.
Bigtreecms Bigtree Cms 4.4.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30065
CVE-2024-5843
CVE-2024-30080
code execution
CVE-2024-4577
CVE-2024-26169
wireless
remote code execution
CVE-2024-36103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »