Vulnerabilities (CVE)

Filtered by vendor Bigtreecms Subscribe

Filtered by product Bigtree Cms

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-10574	1 Bigtreecms	1 Bigtree Cms	2018-06-07	7.5 HIGH	9.8 CRITICAL
site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files.
CVE-2017-9364	1 Bigtreecms	1 Bigtree Cms	2017-06-06	7.5 HIGH	9.8 CRITICAL
Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code.
CVE-2017-7695	1 Bigtreecms	1 Bigtree Cms	2017-04-17	7.5 HIGH	9.8 CRITICAL
Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code.