Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Bigtree_cms
(Bigtreecms)| Repositories | https://github.com/bigtreecms/BigTree-CMS |
| #Vulnerabilities | 44 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-03-15 | CVE-2017-6916 | CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to the admin/settings/update/ page. The Navigation Social can be changed. | Bigtree_cms | 4.3 | ||
| 2017-03-15 | CVE-2017-6915 | CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the admin/settings/update/ page. The Colophon can be changed. | Bigtree_cms | 4.3 | ||
| 2017-03-15 | CVE-2017-6914 | CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page. A user can be deleted. | Bigtree_cms | 7.1 | ||
| 2017-11-27 | CVE-2017-16961 | A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a crafted _tags[] parameter that is mishandled in a later admin/ajax/dashboard/approve-change request. | Bigtree_cms | 6.5 | ||
| 2017-07-29 | CVE-2017-11736 | SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter. | Bigtree_cms | 8.8 | ||
| 2017-02-14 | CVE-2016-10223 | An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | Bigtree_cms | 5.4 | ||
| 2013-08-19 | CVE-2013-5313 | Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user action. | Bigtree_cms | N/A | ||
| 2013-08-19 | CVE-2013-4881 | Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an add user action to index.php. | Bigtree_cms | N/A | ||
| 2013-08-14 | CVE-2013-4880 | Cross-site scripting (XSS) vulnerability in core/admin/modules/developer/modules/views/add.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter. | Bigtree_cms | N/A | ||
| 2013-08-14 | CVE-2013-4879 | SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php. | Bigtree_cms | N/A |