PT-2018-15357 · Bigtree · Bigtree

Tangxiaofeng7 · Published 2018-12-23 · Updated 2024-08-05 · CVE-2018-20405

CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: BigTree version 4.3

Description: The issue allows for full path disclosure through authenticated input in the admin/news section, which triggers a syntax error. It is noted that this issue requires full developer level access to the content management system.

Recommendations: For BigTree version 4.3, consider restricting access to the admin/news section to prevent potential path disclosure. As a temporary workaround, limit the ability to trigger syntax errors in this section until a more permanent solution is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

IDOR

Weakness Enumeration

Related Identifiers: CVE-2018-20405

Affected Products: Bigtree