bigtreecms vulnerabilities and exploits
CVE-2017-9379 (CVSSv3 8.8) - Bigtreecms Bigtree Cms
Multiple CSRF issues exist in BigTree CMS up to and including 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashboard\vitals-statistics\404\create-301.php.

CVE-2017-9427 (CVSSv3 8.8) - Bigtreecms Bigtree Cms
SQL injection vulnerability in BigTree CMS up to and including 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php. The attacker creates a crafted table name at admin/developer/modules/design...

CVE-2017-9441 (CVSSv3 5.4) - Bigtreecms Bigtree Cms
Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS up to and including 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering mishandling of the (1) title or (2) version or (3) author_name paramete...

CVE-2017-9442 (CVSSv3 8.8) - Bigtreecms Bigtree Cms
BigTree CMS up to and including 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in core\a...

CVE-2017-9444 (CVSSv3 8.8) - Bigtreecms Bigtree Cms
BigTree CMS up to and including 4.2.18 has CSRF related to the core\admin\modules\users\profile\update.php script (modify user information), the index.php/admin/developer/packages/delete/ URI (remove packages), the index.php/admin/developer/upgrade/ignore/?versions= URI, and the ...

CVE-2017-9449 (CVSSv3 8.8) - Bigtreecms Bigtree Cms
SQL injection vulnerability in BigTree CMS up to and including 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ ...

CVE-2017-9546 (CVSSv3 5.7) - Bigtreecms Bigtree Cms
admin.php in BigTree up to and including 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name.

CVE-2018-17341 (CVSSv3 8.1) - Bigtreecms Bigtree Cms 4.2.23
BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote malicious users to bypass authentication via a ..\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/..\ URI.

CVE-2017-7881 (CVSSv3 8.8) - Bigtreecms Bigtree Cms
BigTree CMS up to and including 4.2.17 relies on a substring check for CSRF protection, which allows remote malicious users to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modules/deve...
2 GitHub repositories

CVE-2017-9443 (CVSSv3 8.8) - Bigtreecms Bigtree Cms
BigTree CMS up to and including 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and core\admin\modules\d...