Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigtreecms vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2017-9546
admin.php in BigTree up to and including 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name.
Bigtreecms Bigtree Cms
7.5
CVSSv2
CVE-2018-10574
site/index.php/admin/trees/add/ in BigTree 4.2.22 and previous versions allows remote malicious users to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files.
Bigtreecms Bigtree Cms
NA
CVE-2022-36197
BigTree CMS 4.4.16 exists to contain an arbitrary file upload vulnerability which allows malicious users to execute arbitrary code via a crafted PDF file.
Bigtreecms Bigtree Cms 4.4.16
NA
CVE-2023-44954
Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote malicious user to execute arbitrary code via the ID parameter in the Developer Settings functions.
Bigtreecms Bigtree Cms 4.5.7
4.3
CVSSv2
CVE-2017-6915
CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the admin/settings/update/ page. The Colophon can be changed.
Bigtreecms Bigtree Cms 4.1.8
4.3
CVSSv2
CVE-2017-6916
CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to the admin/settings/update/ page. The Navigation Social can be changed.
Bigtreecms Bigtree Cms 4.1.8
4.3
CVSSv2
CVE-2017-6917
CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admin/settings/update/ page. The Colophon can be changed.
Bigtreecms Bigtree Cms 4.2.16
4.3
CVSSv2
CVE-2017-6918
CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to the admin/settings/update/ page. The Navigation Social can be changed.
Bigtreecms Bigtree Cms 4.2.16
6
CVSSv2
CVE-2018-17030
BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php.
Bigtreecms Bigtree Cms 4.2.23
4.3
CVSSv2
CVE-2018-10183
An issue exists in BigTree 4.2.22. There is cross-site scripting (XSS) in /core/inc/lib/less.php/test/index.php because of a $_SERVER['REQUEST_URI'] echo, as demonstrated by the dir parameter in a file=charsets action.
Bigtreecms Bigtree Cms 4.2.22
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »