PT-2017-17414 · Bigtree · Bigtree Cms

Dvnrcy

Published

2017-03-15

Updated

2017-03-16

CVE-2017-6917

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions BigTree CMS version 4.2.16

Description The issue concerns a CSRF problem. It affects the "admin/settings/update/" page, specifically with the value parameter. This allows an attacker to change the Colophon.

Recommendations For BigTree CMS version 4.2.16, consider restricting access to the "admin/settings/update/" page as a temporary workaround until a patch is available. Avoid using the value parameter in this page until the issue is resolved.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2017-6917

Affected Products

Bigtree Cms

PT-2017-17414 · Bigtree · Bigtree Cms

CVE-2017-6917

Weakness Enumeration

Related Identifiers

Affected Products

References · 5