CVE-2017-9379

Name of the Vulnerable Software and Affected Versions BigTree CMS versions prior to 4.2.19

Description The issue concerns multiple CSRF problems. Specifically, the clear parameter to "core/admin/modules/dashboard/vitals-statistics/404/clear.php" and the from or to parameters to "core/admin/modules/dashboard/vitals-statistics/404/create-301.php" are affected.

Recommendations For BigTree CMS versions prior to 4.2.19, update to version 4.2.19 or later to resolve the issue. As a temporary workaround, consider restricting access to the "core/admin/modules/dashboard/vitals-statistics/404/clear.php" and "core/admin/modules/dashboard/vitals-statistics/404/create-301.php" endpoints to minimize the risk of exploitation. Avoid using the clear, from, and to parameters in the affected API endpoints until the issue is resolved.