Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigtree cms vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2018-1000521
BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /users/create that can result in The low-privileged users can use this vulnerability to attack high-privileged(Developer) users.. This attack appear to be exploitable via no. This vulnerability appears to have bee...
Bigtreecms Bigtree Cms 4.2.21
NA
CVE-2023-44954
Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote malicious user to execute arbitrary code via the ID parameter in the Developer Settings functions.
Bigtreecms Bigtree Cms 4.5.7
NA
CVE-2022-36197
BigTree CMS 4.4.16 exists to contain an arbitrary file upload vulnerability which allows malicious users to execute arbitrary code via a crafted PDF file.
Bigtreecms Bigtree Cms 4.4.16
383
VMScore
CVE-2017-6915
CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the admin/settings/update/ page. The Colophon can be changed.
Bigtreecms Bigtree Cms 4.1.8
383
VMScore
CVE-2017-6917
CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admin/settings/update/ page. The Colophon can be changed.
Bigtreecms Bigtree Cms 4.2.16
383
VMScore
CVE-2017-6918
CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to the admin/settings/update/ page. The Navigation Social can be changed.
Bigtreecms Bigtree Cms 4.2.16
435
VMScore
CVE-2018-18308
In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been discovered in /admin/ajax/file-browser/upload/ (aka the image upload area).
Bigtreecms Bigtree Cms 4.2.23
1 EDB exploit
578
VMScore
CVE-2017-11736
SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter.
Bigtreecms Bigtree Cms 4.2.18
312
VMScore
CVE-2018-6013
Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to inject arbitrary web script or HTML via the directory parameter. This issue exists in core/admin/ajax/developer/extensions/file-browser.php.
Bigtreecms Bigtree Cms 4.2.19
534
VMScore
CVE-2018-17030
BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php.
Bigtreecms Bigtree Cms 4.2.23
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »