Bigtreecms

Bigtree Cms

44 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 0.58%
  • Published 01.11.2023 23:15:07
  • Last modified 21.11.2024 08:26:09

Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions.

Exploit
  • EPSS 0.33%
  • Published 03.08.2022 01:15:07
  • Last modified 21.11.2024 07:12:35

BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file.

Exploit
  • EPSS 0.2%
  • Published 26.08.2021 18:15:07
  • Last modified 21.11.2024 05:08:37

Cross Site Scripting (XSS) vulnerability exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create.

Exploit
  • EPSS 1.94%
  • Published 01.06.2021 15:15:07
  • Last modified 21.11.2024 05:20:14

A vulnerability has been discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary commands through a crafted request sent to the server via the 'Create a New Setting' function.

Exploit
  • EPSS 0.37%
  • Published 01.06.2021 15:15:07
  • Last modified 21.11.2024 05:20:13

A stored cross-site scripting (XSS) vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update.

Exploit
  • EPSS 0.42%
  • Published 01.06.2021 15:15:07
  • Last modified 21.11.2024 05:20:13

A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to inject a malicious SQL query to the applications via the 'Create New Feed' function.

  • EPSS 0.24%
  • Published 19.10.2018 20:29:00
  • Last modified 21.11.2024 03:55:49

A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The Session Fixation could allow an attacker to hijack...

  • EPSS 4.6%
  • Published 16.10.2018 22:29:01
  • Last modified 21.11.2024 03:55:40

In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been discovered in /admin/ajax/file-browser/upload/ (aka the image upload area).

Exploit
  • EPSS 0.46%
  • Published 23.09.2018 05:29:00
  • Last modified 21.11.2024 03:54:15

BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a ..\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/..\ URI.

Exploit
  • EPSS 2.42%
  • Published 14.09.2018 02:29:00
  • Last modified 21.11.2024 03:53:44

BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php.