PT-2017-17412 · Bigtree · Bigtree Cms

Dvnrcy

Published

2017-03-15

Updated

2017-03-16

CVE-2017-6915

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions BigTree CMS version 4.1.18

Description The issue concerns a CSRF problem. It affects the "admin/settings/update/" page, specifically with the colophon parameter. This allows the Colophon to be changed.

Recommendations For BigTree CMS version 4.1.18, consider restricting access to the "admin/settings/update/" page to minimize the risk of exploitation. As a temporary workaround, avoid using the colophon parameter in the affected page until the issue is resolved.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2017-6915

Affected Products

Bigtree Cms

PT-2017-17412 · Bigtree · Bigtree Cms

CVE-2017-6915

Weakness Enumeration

Related Identifiers

Affected Products

References · 5