Vulnerability Details CVE-2018-20405
BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: "The issue reported requires full developer level access to the content management system where cross site scripting is not an issue -- you already have full control of the CMS including running arbitrary PHP.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.0%
CVSS Severity
CVSS v3 Score 2.7
CVSS v2 Score 4.0
References
Products affected by CVE-2018-20405
-
cpe:2.3:a:bigtreecms:bigtree:4.3