exploitDog

CVE-2018-20405

Published: 23 Dec 2018
Source: nvd
CVSS3: 2.7
CVSS2: 4
EPSS: Low

Description

BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: "The issue reported requires full developer level access to the content management system where cross site scripting is not an issue -- you already have full control of the CMS including running arbitrary PHP."

Vulnerable configurations

Configuration 1
cpe:2.3:a:bigtreecms:bigtree:4.3:*:*:*:*:*:*:*

EPSS

Percentile: 42%
0.00196
Low

2.7 Low

CVSS3

4 Medium

CVSS2

Weaknesses

CWE-639

Related vulnerabilities

CVSS3: 2.7
github
more than 3 years ago

** DISPUTED ** BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: "The issue reported requires full developer level access to the content management system where cross site scripting is not an issue -- you already have full control of the CMS including running arbitrary PHP."
