CVE-2013-4881

BigTree CMS <4.0 RC2 - CSRF

Title source: llm

Description

Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an add user action to index.php.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/27431

View Code ZIP pw:eip

References (5)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2013-08/0039.html

[Patch] https://github.com/bigtreecms/BigTree-CMS/commit/4b0faa90fa8b9e1776c86db716894dcd7e6b4834

View Patch ZIP pw:eip

[Vendor Advisory] https://www.htbridge.com/advisory/HTB23165

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/86286

[Third Party Advisory, VDB Entry] http://osvdb.org/96009

Scores

EPSS 0.0033

EPSS Percentile 56.1%

Details

CWE

CWE-352

Status published

Products (2)

bigtreecms/bigtree_cms 4.0 b1 (8 CPE variants)

bigtreecms/bigtree_cms < 4.0

Published Aug 19, 2013

Tracked Since Feb 18, 2026