Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigtreecms vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2017-16961
A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS up to and including 4.2.19 allows remote authenticated malicious users to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/t...
Bigtreecms Bigtree Cms
3.5
CVSSv2
CVE-2017-9441
Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS up to and including 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering mishandling of the (1) title or (2) version or (3) author_name paramete...
Bigtreecms Bigtree Cms
6.5
CVSSv2
CVE-2017-9442
BigTree CMS up to and including 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in core\a...
Bigtreecms Bigtree Cms
6.5
CVSSv2
CVE-2017-9443
BigTree CMS up to and including 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and core\admin\modules\d...
Bigtreecms Bigtree Cms
6.8
CVSSv2
CVE-2017-9444
BigTree CMS up to and including 4.2.18 has CSRF related to the core\admin\modules\users\profile\update.php script (modify user information), the index.php/admin/developer/packages/delete/ URI (remove packages), the index.php/admin/developer/upgrade/ignore/?versions= URI, and the ...
Bigtreecms Bigtree Cms
6.5
CVSSv2
CVE-2020-26668
A SQL injection vulnerability exists in /core/feeds/custom.php in BigTree CMS 4.4.10 and previous versions which allows an authenticated malicious user to inject a malicious SQL query to the applications via the 'Create New Feed' function.
Bigtreecms Bigtree Cms
3.5
CVSSv2
CVE-2020-26669
A stored cross-site scripting (XSS) vulnerability exists in BigTree CMS 4.4.10 and previous versions which allows an authenticated malicious user to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update.
Bigtreecms Bigtree Cms
6.5
CVSSv2
CVE-2020-26670
A vulnerability has been discovered in BigTree CMS 4.4.10 and previous versions which allows an authenticated malicious user to execute arbitrary commands through a crafted request sent to the server via the 'Create a New Setting' function.
Bigtreecms Bigtree Cms
4
CVSSv2
CVE-2017-9378
BigTree CMS up to and including 4.2.18 does not prevent a user from deleting their own account. This could have security relevance because deletion was supposed to be an admin-only action, and the admin may have other tasks (such as data backups) to complete before a user is dele...
Bigtreecms Bigtree Cms
3.5
CVSSv2
CVE-2018-10364
BigTree prior to 4.2.22 has XSS in the Users management page via the name or company field.
Bigtreecms Bigtree Cms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »