Vulnerabilities > Bigtreecms > Bigtree CMS > High

DATE CVE VULNERABILITY TITLE RISK
2018-04-30 CVE-2018-10574 Code Injection vulnerability in Bigtreecms Bigtree CMS
site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files.
network
low complexity
bigtreecms CWE-94
7.5
2017-06-05 CVE-2017-9443 SQL Injection vulnerability in Bigtreecms Bigtree CMS
BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package.
network
low complexity
bigtreecms CWE-89
8.8
2017-06-05 CVE-2017-9442 Code Injection vulnerability in Bigtreecms Bigtree CMS
BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php.
network
low complexity
bigtreecms CWE-94
8.8
2017-06-02 CVE-2017-9364 Unrestricted Upload of File with Dangerous Type vulnerability in Bigtreecms Bigtree CMS
Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code.
network
low complexity
bigtreecms CWE-434
7.5
2017-04-11 CVE-2017-7695 Unrestricted Upload of File with Dangerous Type vulnerability in Bigtreecms Bigtree CMS
Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code.
network
low complexity
bigtreecms CWE-434
7.5
2013-08-14 CVE-2013-4879 SQL Injection vulnerability in Bigtreecms Bigtree CMS 4.0
SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php.
network
low complexity
bigtreecms CWE-89
7.5