CVE-2013-4881
N/A
N/A
Summary
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an add user action to index.php.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/bigtreecms/BigTree-CMS/commit/4b0faa90fa8b9e1776c86db716894dcd7e6b4834
- http://osvdb.org/96009
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86286
- http://archives.neohapsis.com/archives/bugtraq/2013-08/0039.html
- https://www.htbridge.com/advisory/HTB23165
References
- https://github.com/bigtreecms/BigTree-CMS/commit/4b0faa90fa8b9e1776c86db716894dcd7e6b4834
- http://osvdb.org/96009
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86286
- http://archives.neohapsis.com/archives/bugtraq/2013-08/0039.html
- https://www.htbridge.com/advisory/HTB23165
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.