VYPR

Bigtree CMS

by Bigtreecms

CVEs (46)

  • CVE-2018-10364 | Med | Apr 30, 2018
    risk 0.00 | cvss 5.4 | epss 0.01

    BigTree before 4.2.22 has XSS in the Users management page via the name or company field.

  • CVE-2018-10574 | Cri | Apr 30, 2018
    risk 0.00 | cvss 9.8 | epss 0.02

    site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files.

  • CVE-2013-5313 | Aug 19, 2013
    risk 0.00 | cvss | epss 0.01

    Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user action.

  • CVE-2013-4881 | Aug 19, 2013
    risk 0.00 | cvss | epss 0.02

    Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an add user action to index.php.

  • CVE-2013-4880 | Aug 14, 2013
    risk 0.00 | cvss | epss 0.03

    Cross-site scripting (XSS) vulnerability in core/admin/modules/developer/modules/views/add.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter.

  • CVE-2013-4879 | Aug 14, 2013
    risk 0.00 | cvss | epss 0.03

    SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php.

Page 3 of 3