Filtered by vendor Bigtreecms
Total: 45 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-17030 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php. | |||||
CVE-2018-10574 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files. | |||||
CVE-2018-10364 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
BigTree before 4.2.22 has XSS in the Users management page via the name or company field. | |||||
CVE-2018-10183 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in BigTree 4.2.22. There is cross-site scripting (XSS) in /core/inc/lib/less.php/test/index.php because of a $_SERVER['REQUEST_URI'] echo, as demonstrated by the dir parameter in a file=charsets action. | |||||
CVE-2018-1000521 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /users/create that can result in low-privileged users using this vulnerability to attack high-privileged (Developer) users. This attack appears to be exploitable via no. This vulnerability appears to have been fixed after commit b652cfdc14d0670c81ac4401ad5a04376745c279. |