Vulnerabilities > Bigtreecms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-14 | CVE-2018-17030 | Code Injection vulnerability in Bigtreecms Bigtree CMS 4.2.23 BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php. | 7.5 |
| 2018-06-26 | CVE-2018-1000521 | Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS 4.2.21 BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /users/create that can result in The low-privileged users can use this vulnerability to attack high-privileged(Developer) users.. | 6.1 |
| 2018-04-30 | CVE-2018-10364 | Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS BigTree before 4.2.22 has XSS in the Users management page via the name or company field. | 5.4 |
| 2018-04-30 | CVE-2018-10574 | Code Injection vulnerability in Bigtreecms Bigtree CMS site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files. | 9.8 |
| 2018-04-17 | CVE-2018-10183 | Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS 4.2.22 An issue was discovered in BigTree 4.2.22. | 6.1 |
| 2018-01-23 | CVE-2018-6013 | Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS 4.2.19 Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to inject arbitrary web script or HTML via the directory parameter. | 5.4 |
| 2017-11-27 | CVE-2017-16961 | SQL Injection vulnerability in Bigtreecms Bigtree CMS A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. | 6.5 |
| 2017-07-29 | CVE-2017-11736 | SQL Injection vulnerability in Bigtreecms Bigtree CMS 4.2.18 SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter. | 8.8 |
| 2017-06-12 | CVE-2017-9548 | Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication (aka a pending page change). | 5.4 |
| 2017-06-12 | CVE-2017-9547 | Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication (aka a pending page change). | 5.4 |