Description
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user action.
References (1)
Core 1
Core References
Exploit, Patch x_refsource_confirm
https://github.com/bigtreecms/BigTree-CMS/commit/4b0faa90fa8b9e1776c86db716894dcd7e6b4834
Scores
EPSS
0.0012
EPSS Percentile
30.7%
Details
CWE
CWE-352
Status
published
Products (2)
bigtreecms/bigtree_cms
4.0 b1 (8 CPE variants)
bigtreecms/bigtree_cms
< 4.0
Published
Aug 19, 2013
Tracked Since
Feb 18, 2026