PT-2018-13990 · Bigtree · Bigtree

Pupiles

Published

2018-09-23

Updated

2018-11-21

CVE-2018-17341

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions BigTree version 4.2.23

Description The issue allows remote attackers to bypass authentication when Advanced or Simple Rewrite routing is enabled. This can be achieved by using a .. substring in a URI, such as launch.php?bigtree htaccess url=admin/images/...

Recommendations For BigTree version 4.2.23, consider disabling Advanced or Simple Rewrite routing until a patch is available to prevent authentication bypass. Restrict access to sensitive areas of the application to minimize the risk of exploitation. Avoid using the bigtree htaccess url parameter in the affected launch.php endpoint until the issue is resolved.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2018-17341

Affected Products

Bigtree

PT-2018-13990 · Bigtree · Bigtree

CVE-2018-17341

Weakness Enumeration

Related Identifiers

Affected Products

References · 4