
BigTree CMS Multiple Vulnerabilities (CVE-2013-4879, CVE-2013-4880, CVE-2013-5313, CVE-2013-4881)

Severity: Not available
CVSSv3 Score: Not available

Vulnerability description

BigTree CMS is prone to multiple vulnerabilities.

Risk description

Multiple flaws are due to:

- Improper sanitization of user-supplied input passed via the URL to the site/index.php script and via the module parameter upon submission to the /admin/developer/modules/views/add/index.php script
- Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php and core/admin/modules/users/update.php

Successful exploitation will allow remote attackers to insert arbitrary HTML or script code, which will be executed in a user's browser session in the context of an affected site, hijack user sessions, or manipulate SQL queries by injecting arbitrary SQL code.

Recommendation

Update to version 4.0 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Aug 14, 2013
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available