VYPR
Medium severity6.5NVD Advisory· Published Nov 27, 2017· Updated Jun 17, 2026

CVE-2017-16961

CVE-2017-16961

Description

A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a crafted _tags[] parameter that is mishandled in a later admin/ajax/dashboard/approve-change request.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:bigtreecms:bigtree_cms:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:bigtreecms:bigtree_cms:*:*:*:*:*:*:*:*range: <=4.2.19
    • (no CPE)range: <=4.2.19

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.