Unrated severityNVD Advisory· Published Aug 19, 2013· Updated Apr 29, 2026

CVE-2013-5313

Description

Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user action.

Affected products

Bigtreecms/Bigtree CMS9 versions
cpe:2.3:a:bigtreecms:bigtree_cms:*:rc2:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:bigtreecms:bigtree_cms:*:rc2:*:*:*:*:*:*range: <=4.0
- cpe:2.3:a:bigtreecms:bigtree_cms:4.0:b1:*:*:*:*:*:*
- cpe:2.3:a:bigtreecms:bigtree_cms:4.0:b2:*:*:*:*:*:*
- cpe:2.3:a:bigtreecms:bigtree_cms:4.0:b3:*:*:*:*:*:*
- cpe:2.3:a:bigtreecms:bigtree_cms:4.0:b4:*:*:*:*:*:*
- cpe:2.3:a:bigtreecms:bigtree_cms:4.0:b5:*:*:*:*:*:*
- cpe:2.3:a:bigtreecms:bigtree_cms:4.0:b6:*:*:*:*:*:*
- cpe:2.3:a:bigtreecms:bigtree_cms:4.0:b7:*:*:*:*:*:*
- cpe:2.3:a:bigtreecms:bigtree_cms:4.0:rc1:*:*:*:*:*:*

Patches

4b0faa90fa8b

https://github.com/bigtreecms/BigTree-CMSvia nvd-ref

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/bigtreecms/BigTree-CMS/commit/4b0faa90fa8b9e1776c86db716894dcd7e6b4834nvdExploitPatch

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000