Tim Buckingham

11 exploits Active since Aug 2013
CVE-2013-4879 WRITEUP WRITEUP
BigTree CMS <4.0 RC2 - SQL Injection
SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php.
CVE-2013-4881 WRITEUP WRITEUP
BigTree CMS <4.0 RC2 - CSRF
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an add user action to index.php.
CVE-2013-5313 WRITEUP WRITEUP
BigTree CMS <4.0 RC2 - CSRF
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user action.
CVE-2017-7695 WRITEUP CRITICAL WRITEUP
BigTree CMS <4.2.17 - Code Injection
Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code.
CVSS 9.8
CVE-2017-7881 WRITEUP HIGH WRITEUP
Bigtreecms Bigtree Cms < 4.2.17 - CSRF
BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modules/developer/_header.php and patched in core/inc/bigtree/admin.php on 2017-04-14.
CVSS 8.8
CVE-2017-9364 WRITEUP CRITICAL WRITEUP
BigTree CMS <4.2.18 - Code Injection
Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code.
CVSS 9.8
CVE-2017-9365 WRITEUP HIGH WRITEUP
BigTree CMS <4.2.18 - CSRF
CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked.
CVSS 8.8
CVE-2017-9378 WRITEUP MEDIUM WRITEUP
BigTree CMS <4.2.18 - Info Disclosure
BigTree CMS through 4.2.18 does not prevent a user from deleting their own account. This could have security relevance because deletion was supposed to be an admin-only action, and the admin may have other tasks (such as data backups) to complete before a user is deleted.
CVSS 6.5
CVE-2018-10574 WRITEUP CRITICAL WRITEUP
BigTree <4.2.22 - RCE
site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files.
CVSS 9.8
CVE-2018-18380 WRITEUP MEDIUM WRITEUP
Bigtree <4.2.24 - Info Disclosure
A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The Session Fixation could allow an attacker to hijack an admin session.
CVSS 5.4
CVE-2018-25076 WRITEUP MEDIUM WRITEUP
BigTree Events Extension - SQL Injection
A vulnerability classified as critical was found in Events Extension on BigTree. Affected by this vulnerability is the function getRandomFeaturedEventByDate/getUpcomingFeaturedEventsInCategoriesWithSubcategories/recacheEvent/searchResults of the file classes/events.php. The manipulation leads to sql injection. The patch is named 11169e48ab1249109485fdb1e0c9fca3d25ba01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218395.
CVSS 5.5