CPE Details
BigTree CMS BigTree CMS 4.2.20
4.2.20
2019-05-14
16h22 +00:00
16h22 +00:00
2019-05-14
16h22 +00:00
16h22 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:bigtreecms:bigtree_cms:4.2.20:*:*:*:*:*:*:*
Informations
Vendor
bigtreecmsProduct
bigtree_cmsVersion
4.2.20Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| A vulnerability has been discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary commands through a crafted request sent to the server via the 'Create a New Setting' function. | 8.8 |
Haute |
||
| A stored cross-site scripting (XSS) vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update. | 5.4 |
Moyen |
||
| A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to inject a malicious SQL query to the applications via the 'Create New Feed' function. | 8.8 |
Haute |
||
| A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The Session Fixation could allow an attacker to hijack an admin session. | 5.4 |
Moyen |
||
| site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files. | 9.8 |
Critique |
||
| BigTree before 4.2.22 has XSS in the Users management page via the name or company field. | 5.4 |
Moyen |
2025©
tesweb SA
