Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigtree cms vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-9365
CSRF exists in BigTree CMS up to and including 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked.
Bigtreecms Bigtree Cms
8.8
CVSSv3
CVE-2017-9379
Multiple CSRF issues exist in BigTree CMS up to and including 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashboard\vitals-statistics\404\create-301.php.
Bigtreecms Bigtree Cms
5.4
CVSSv3
CVE-2017-9441
Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS up to and including 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering mishandling of the (1) title or (2) version or (3) author_name paramete...
Bigtreecms Bigtree Cms
5.7
CVSSv3
CVE-2017-9546
admin.php in BigTree up to and including 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name.
Bigtreecms Bigtree Cms
5.4
CVSSv3
CVE-2017-9548
admin.php in BigTree up to and including 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is schedul...
Bigtreecms Bigtree Cms
8.8
CVSSv3
CVE-2017-9443
BigTree CMS up to and including 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and core\admin\modules\d...
Bigtreecms Bigtree Cms
8.8
CVSSv3
CVE-2017-9444
BigTree CMS up to and including 4.2.18 has CSRF related to the core\admin\modules\users\profile\update.php script (modify user information), the index.php/admin/developer/packages/delete/ URI (remove packages), the index.php/admin/developer/upgrade/ignore/?versions= URI, and the ...
Bigtreecms Bigtree Cms
5.4
CVSSv3
CVE-2017-9448
Cross-site scripting (XSS) vulnerabilities in BigTree CMS up to and including 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. This issue exists in core\admin\ajax\pages\save-revision.php and core\admin\modules\pages\re...
Bigtreecms Bigtree Cms
5.4
CVSSv3
CVE-2020-26669
A stored cross-site scripting (XSS) vulnerability exists in BigTree CMS 4.4.10 and previous versions which allows an authenticated malicious user to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update.
Bigtreecms Bigtree Cms
4.3
CVSSv3
CVE-2017-6916
CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to the admin/settings/update/ page. The Navigation Social can be changed.
Bigtreecms Bigtree Cms 4.1.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »