Bigtree CMS
by Bigtreecms
CVEs (46)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10364 | | Med | 0.00 | 5.4 | 0.01 | | Apr 30, 2018 | BigTree before 4.2.22 has XSS in the Users management page via the name or company field. |
| CVE-2018-10574 | | Cri | 0.00 | 9.8 | 0.02 | | Apr 30, 2018 | site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files. |
| CVE-2013-5313 | | | 0.00 | — | 0.01 | | Aug 19, 2013 | Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user action. |
| CVE-2013-4881 | | | 0.00 | — | 0.02 | | Aug 19, 2013 | Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an add user action to index.php. |
| CVE-2013-4880 | | | 0.00 | — | 0.03 | | Aug 14, 2013 | Cross-site scripting (XSS) vulnerability in core/admin/modules/developer/modules/views/add.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter. |
| CVE-2013-4879 | | | 0.00 | — | 0.03 | | Aug 14, 2013 | SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php. |