CVE-2017-7881

Published: 15/04/2017 Updated: 21/04/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

BigTree CMS up to and including 4.2.17 relies on a substring check for CSRF protection, which allows remote malicious users to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modules/developer/_header.php and patched in core/inc/bigtree/admin.php on 2017-04-14.
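The difference between a substring check and a parsed comparison of the Referer, as an added example (not BigTree's code or its actual patch). The function names and the `example.test` hosts are assumptions made for this illustration, and the sample Referer values are constructed.

```php
<?php
// Added illustration; not BigTree's code. Function names and the
// example.test hosts are assumptions made for this example.

// Weak form: passes if the required path appears anywhere in the Referer,
// including inside the query string of an unrelated site.
function referer_ok_substring(string $referer, string $required): bool
{
    return strpos($referer, $required) !== false;
}

// Stricter form: parse the Referer, then compare scheme, host, port and path prefix.
function referer_ok_parsed(string $referer, string $adminRoot, string $required): bool
{
    $ref  = parse_url($referer);
    $root = parse_url($adminRoot);
    if ($ref === false || $root === false) {
        return false;
    }
    foreach (['scheme', 'host'] as $part) {
        if (!isset($ref[$part], $root[$part])
            || strcasecmp($ref[$part], $root[$part]) !== 0) {
            return false;
        }
    }
    if (($ref['port'] ?? null) !== ($root['port'] ?? null)) {
        return false;
    }
    // Only the path component counts; query string and fragment are ignored.
    $path   = $ref['path'] ?? '/';
    $prefix = rtrim($root['path'] ?? '', '/') . '/' . ltrim($required, '/');
    return strncmp($path, $prefix, strlen($prefix)) === 0;
}

// Constructed sample Referer values.
$root    = 'https://admin.example.test/';
$samples = [
    'https://admin.example.test/admin/developer/modules/',   // same-site admin page
    'https://other.example.test/page?x=admin/developer/',    // path only in query string
    '',                                                      // header absent
];
foreach ($samples as $r) {
    printf("%-55s substring=%s parsed=%s\n", $r === '' ? '(empty)' : $r,
        var_export(referer_ok_substring($r, 'admin/developer/'), true),
        var_export(referer_ok_parsed($r, $root, 'admin/developer/'), true));
}
```

The second sample is the case the summary describes: the substring check accepts it, while the parsed comparison rejects it because the host differs and the required path is not in the path component.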

Vulnerable Product

bigtreecms bigtree cms

Github Repositories

BigTree CMS 45. www.bigtreecms.org/ Licensing: BigTree CMS is publicly licensed under the GNU Lesser General Public License. If you would like to use BigTree under a different license, please contact us. Contributing: We would love to have the community work with us on BigTree. Guidelines are currently being created for how community contributions will be worked back into

BigTree CMS 43. www.bigtreecms.org/ Licensing: BigTree CMS is publicly licensed under the GNU Lesser General Public License. If you would like to use BigTree under a different license, please contact us. Contributing: We would love to have the community work with us on BigTree. Guidelines are currently being created for how community contributions will be worked back into