Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigtreecms vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-9449
SQL injection vulnerability in BigTree CMS up to and including 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ ...
Bigtreecms Bigtree Cms
5.4
CVSSv3
CVE-2017-9547
admin.php in BigTree up to and including 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is schedu...
Bigtreecms Bigtree Cms
5.4
CVSSv3
CVE-2017-9548
admin.php in BigTree up to and including 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is schedul...
Bigtreecms Bigtree Cms
9.8
CVSSv3
CVE-2017-7695
Unrestricted File Upload exists in BigTree CMS prior to 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code.
Bigtreecms Bigtree Cms
8.8
CVSSv3
CVE-2017-7881
BigTree CMS up to and including 4.2.17 relies on a substring check for CSRF protection, which allows remote malicious users to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modules/deve...
Bigtreecms Bigtree Cms
2 Github repositories
8.1
CVSSv3
CVE-2018-17341
BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote malicious users to bypass authentication via a ..\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/..\ URI.
Bigtreecms Bigtree Cms 4.2.23
9.8
CVSSv3
CVE-2017-9364
Unrestricted File Upload exists in BigTree CMS up to and including 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code.
Bigtreecms Bigtree Cms
8.8
CVSSv3
CVE-2017-9379
Multiple CSRF issues exist in BigTree CMS up to and including 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashboard\vitals-statistics\404\create-301.php.
Bigtreecms Bigtree Cms
5.4
CVSSv3
CVE-2018-18380
A Session Fixation issue exists in Bigtree prior to 4.2.24. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The Session Fixation could allow an malicious user to hijack an admin session.
Bigtreecms Bigtree Cms
8.8
CVSSv3
CVE-2017-9427
SQL injection vulnerability in BigTree CMS up to and including 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php. The attacker creates a crafted table name at admin/developer/modules/design...
Bigtreecms Bigtree Cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »