Vulnerabilities > Bigtreecms

DATE CVE VULNERABILITY TITLE RISK
2018-09-14 CVE-2018-17030 Code Injection vulnerability in Bigtreecms Bigtree CMS 4.2.23
BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php.
network
high complexity
bigtreecms CWE-94
7.5
2018-06-26 CVE-2018-1000521 Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS 4.2.21
BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /users/create that can result in The low-privileged users can use this vulnerability to attack high-privileged(Developer) users..
network
low complexity
bigtreecms CWE-79
6.1
2018-04-30 CVE-2018-10364 Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS
BigTree before 4.2.22 has XSS in the Users management page via the name or company field.
network
low complexity
bigtreecms CWE-79
5.4
2018-04-30 CVE-2018-10574 Code Injection vulnerability in Bigtreecms Bigtree CMS
site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files.
network
low complexity
bigtreecms CWE-94
critical
9.8
2018-04-17 CVE-2018-10183 Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS 4.2.22
An issue was discovered in BigTree 4.2.22.
network
low complexity
bigtreecms CWE-79
6.1
2018-01-23 CVE-2018-6013 Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS 4.2.19
Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to inject arbitrary web script or HTML via the directory parameter.
network
low complexity
bigtreecms CWE-79
5.4
2017-11-27 CVE-2017-16961 SQL Injection vulnerability in Bigtreecms Bigtree CMS
A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database.
network
low complexity
bigtreecms CWE-89
6.5
2017-07-29 CVE-2017-11736 SQL Injection vulnerability in Bigtreecms Bigtree CMS 4.2.18
SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter.
network
low complexity
bigtreecms CWE-89
8.8
2017-06-12 CVE-2017-9548 Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS
admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication (aka a pending page change).
network
low complexity
bigtreecms CWE-79
5.4
2017-06-12 CVE-2017-9547 Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS
admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication (aka a pending page change).
network
low complexity
bigtreecms CWE-79
5.4