PT-2017-18875 · Bigtree · Bigtree Cms

Xfkxfk

Published

2017-06-02

Updated

2017-06-06

CVE-2017-9364

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions BigTree CMS versions prior to 4.2.19

Description The issue allows an attacker to bypass a safety check by uploading files with specific extensions, such as 'xxx.pht' or 'xxx.phtml', potentially leading to code execution.

Recommendations For versions prior to 4.2.19, update to version 4.2.19 or later to resolve the issue.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2017-9364

Affected Products

Bigtree Cms

PT-2017-18875 · Bigtree · Bigtree Cms

CVE-2017-9364

Weakness Enumeration

Related Identifiers

Affected Products

References · 5