Vulnerabilities (CVE)

Filtered by vendor Bigtreecms Subscribe
Filtered by product Bigtree
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-20405 1 Bigtreecms 1 Bigtree 2024-11-21 4.0 MEDIUM 2.7 LOW
BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: "The issue reported requires full developer level access to the content management system where cross site scripting is not an issue -- you already have full control of the CMS including running arbitrary PHP.