CVEDB API

Vulnerabilities

Vulnerable Software

Bigtreecms: >> Bigtree Cms Security Vulnerabilities

CVE-2013-5313

Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user action.

CVSS Score

6.8

EPSS Score

0.001

Published

2013-08-19

CVE-2013-4881

Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an add user action to index.php.

CVSS Score

6.8

EPSS Score

0.003

Published

2013-08-19

CVE-2013-4880

Cross-site scripting (XSS) vulnerability in core/admin/modules/developer/modules/views/add.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter.

CVSS Score

4.3

EPSS Score

0.045

Published

2013-08-14

CVE-2013-4879

SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php.

CVSS Score

7.5

EPSS Score

0.02

Published

2013-08-14

Page 5

Vulnerabilities

Vulnerable Software

Bigtreecms: >> Bigtree Cms Security Vulnerabilities

Products

Pricing

Contact Us