Exploitation Summary
EIP tracks 1 public exploit for CVE-2013-4879.
AI-analyzed exploit summary: The exploit demonstrates multiple vulnerabilities in BigTree CMS 4.0 RC2, including SQL injection via crafted URL parameters, CSRF for privilege escalation, and XSS through unsanitized input. The PoC includes functional examples for each vulnerability type.
Description
SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php.