Medium severity6.5NVD Advisory· Published Nov 27, 2017· Updated Jun 17, 2026
CVE-2017-16961
CVE-2017-16961
Description
A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a crafted _tags[] parameter that is mishandled in a later admin/ajax/dashboard/approve-change request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:bigtreecms:bigtree_cms:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:bigtreecms:bigtree_cms:*:*:*:*:*:*:*:*range: <=4.2.19
- (no CPE)range: <=4.2.19
Patches
Vulnerability mechanics
References
1- github.com/bigtreecms/BigTree-CMS/issues/323nvdExploitIssue TrackingPatchThird Party Advisory
News mentions
0No linked articles in our index yet.