VYPR
← All advisories
High severity7.1NVD Advisory· Published Mar 15, 2017· Updated May 13, 2026

CVE-2017-6914

CVE-2017-6914

Description

CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page. A user can be deleted.

Affected products

2
  • Bigtreecms/Bigtree CMS2 versions
    cpe:2.3:a:bigtreecms:bigtree_cms:4.1.8:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:bigtreecms:bigtree_cms:4.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:bigtreecms:bigtree_cms:4.2.16:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.