Bigtreecms: >> Bigtree Cms >> 4.2.18 Security Vulnerabilities
Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashboard\vitals-statistics\404\create-301.php.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-06-02
Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-06-02
CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-06-02
Page 3