A directory traversal vulnerability exists in core\admin\ajax\developer\extensions\file-browser.php in BigTree CMS up to and including 4.2.18 on Windows, allowing malicious users to read arbitrary files via ..\ sequences in the directory parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bigtreecms bigtree_cms |