Vulnerabilities > Bigtreecms > Bigtree CMS > 4.2.17
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-06-02 | CVE-2017-9365 | Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS: CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. | 8.8 |
2017-06-02 | CVE-2017-9364 | Unrestricted Upload of File with Dangerous Type vulnerability in Bigtreecms Bigtree CMS: Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code. | 9.8 |
2017-04-15 | CVE-2017-7881 | Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS: BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. | 8.8 |