exploitDog

CVE-2017-9378

Опубликовано: 02 июн. 2017

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

BigTree CMS through 4.2.18 does not prevent a user from deleting their own account. This could have security relevance because deletion was supposed to be an admin-only action, and the admin may have other tasks (such as data backups) to complete before a user is deleted.

Ссылки

https://github.com/bigtreecms/BigTree-CMS/commit/f7899701d7be91b7dc546b65e44a27b668eb3b76
Patch
https://github.com/bigtreecms/BigTree-CMS/issues/282
Exploit
Issue Tracking
Patch
https://github.com/bigtreecms/BigTree-CMS/commit/f7899701d7be91b7dc546b65e44a27b668eb3b76
Patch
https://github.com/bigtreecms/BigTree-CMS/issues/282
Exploit
Issue Tracking
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bigtreecms:bigtree_cms:*:*:*:*:*:*:*:*

Версия до 4.2.18 (включая)

EPSS

Процентиль: 32%

0.00122

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

GHSA-w4x3-44p5-962m

CVSS3: 6.5

github

больше 3 лет назад

BigTree CMS through 4.2.18 does not prevent a user from deleting their own account. This could have security relevance because deletion was supposed to be an admin-only action, and the admin may have other tasks (such as data backups) to complete before a user is deleted.

EPSS

Процентиль: 32%

0.00122

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-863