Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigtree cms vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2013-4880
Cross-site scripting (XSS) vulnerability in core/admin/modules/developer/modules/views/add.php in BigTree CMS 4.0 RC2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the module parameter.
Bigtreecms Bigtree Cms 4.0
Bigtreecms Bigtree Cms
1 EDB exploit
6.8
CVSSv2
CVE-2013-5313
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user actio...
Bigtreecms Bigtree Cms 4.0
Bigtreecms Bigtree Cms
7.5
CVSSv2
CVE-2013-4879
SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS 4.0 RC2 and previous versions allows remote malicious users to execute arbitrary SQL commands via the PATH_INFO to index.php.
Bigtreecms Bigtree Cms 4.0
Bigtreecms Bigtree Cms
1 EDB exploit
6.8
CVSSv2
CVE-2013-4881
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that create an administrative user via an add user action ...
Bigtreecms Bigtree Cms 4.0
Bigtreecms Bigtree Cms
1 EDB exploit
5.8
CVSSv2
CVE-2017-6914
CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page. A user can be deleted.
Bigtreecms Bigtree Cms 4.2.16
Bigtreecms Bigtree Cms 4.1.8
3.5
CVSSv2
CVE-2016-10223
An issue exists in BigTree CMS prior to 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute ar...
Bigtreecms Bigtree Cms
3.5
CVSSv2
CVE-2018-10364
BigTree prior to 4.2.22 has XSS in the Users management page via the name or company field.
Bigtreecms Bigtree Cms
5.8
CVSSv2
CVE-2018-18380
A Session Fixation issue exists in Bigtree prior to 4.2.24. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The Session Fixation could allow an malicious user to hijack an admin session.
Bigtreecms Bigtree Cms
6.5
CVSSv2
CVE-2020-26670
A vulnerability has been discovered in BigTree CMS 4.4.10 and previous versions which allows an authenticated malicious user to execute arbitrary commands through a crafted request sent to the server via the 'Create a New Setting' function.
Bigtreecms Bigtree Cms
6.5
CVSSv2
CVE-2020-26668
A SQL injection vulnerability exists in /core/feeds/custom.php in BigTree CMS 4.4.10 and previous versions which allows an authenticated malicious user to inject a malicious SQL query to the applications via the 'Create New Feed' function.
Bigtreecms Bigtree Cms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »