CVE-2013-5313
- EPSS 0.89%
- Veröffentlicht 19.08.2013 21:10:49
- Zuletzt bearbeitet 29.04.2026 01:13:23
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify arbitrary user accounts via an e...
CVE-2013-4881
- EPSS 2.2%
- Veröffentlicht 19.08.2013 13:07:58
- Zuletzt bearbeitet 29.04.2026 01:13:23
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an ad...
CVE-2013-4880
- EPSS 3.3%
- Veröffentlicht 14.08.2013 13:50:00
- Zuletzt bearbeitet 29.04.2026 01:13:23
Cross-site scripting (XSS) vulnerability in core/admin/modules/developer/modules/views/add.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter.
CVE-2013-4879
- EPSS 3.17%
- Veröffentlicht 14.08.2013 13:49:59
- Zuletzt bearbeitet 29.04.2026 01:13:23
SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php.