exploitDog

CVE-2017-6914

Опубликовано: 15 мар. 2017

Источник: nvd

CVSS3: 7.1

CVSS2: 5.8

EPSS Низкий

Описание

CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page. A user can be deleted.

Ссылки

https://github.com/bigtreecms/BigTree-CMS/files/843734/BigTree.-.Multiple.Issue.of.CSRF.that.could.Illegally.Few.Data.Changes.v02.pdf
Exploit
Technical Description
Third Party Advisory
https://github.com/bigtreecms/BigTree-CMS/issues/275
Patch
Vendor Advisory
https://github.com/bigtreecms/BigTree-CMS/files/843734/BigTree.-.Multiple.Issue.of.CSRF.that.could.Illegally.Few.Data.Changes.v02.pdf
Exploit
Technical Description
Third Party Advisory
https://github.com/bigtreecms/BigTree-CMS/issues/275
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:bigtreecms:bigtree_cms:4.1.8:*:*:*:*:*:*:*

cpe:2.3:a:bigtreecms:bigtree_cms:4.2.16:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.0012

Низкий

7.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-m484-rhqj-58v7

CVSS3: 7.1

github

больше 3 лет назад

CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page. A user can be deleted.

EPSS

Процентиль: 31%

0.0012

Низкий

7.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-352