Description
BigTree CMS through 4.2.18 does not prevent a user from deleting their own account. This could have security relevance because deletion was supposed to be an admin-only action, and the admin may have other tasks (such as data backups) to complete before a user is deleted.
References (2)
Core 2
Core References
Exploit, Issue Tracking, Patch x_refsource_misc
https://github.com/bigtreecms/BigTree-CMS/issues/282
Scores
CVSS v3
6.5
EPSS
0.0063
EPSS Percentile
45.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-863
Status
published
Products (1)
bigtreecms/bigtree_cms
< 4.2.18
Published
Jun 02, 2017
Tracked Since
Feb 18, 2026