Known Vulnerabilities for products from Bigtreecms

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Bigtreecms".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2023-44954 json Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID param... 5.4 - MEDIUM 2023-11-01 2023-11-09
CVE-2022-36197 json BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitra... 5.4 - MEDIUM 2022-08-03 2022-08-09
CVE-2020-26670 json A vulnerability has been discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbit... 8.8 - HIGH 2021-06-01 2022-05-03
CVE-2020-26669 json A stored cross-site scripting (XSS) vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authentica... 5.4 - MEDIUM 2021-06-01 2021-06-09
CVE-2020-26668 json A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier which allows an auth... 8.8 - HIGH 2021-06-01 2021-06-09
CVE-2020-18467 json Cross Site Scripting (XSS) vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the Ge... 5.4 - MEDIUM 2021-08-26 2021-08-27
CVE-2018-1000521 json BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /users/create that can result in The low-privileged users ... 6.1 - MEDIUM 2018-06-26 2018-08-27
CVE-2018-20405 json ** DISPUTED ** BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE... 2.7 - LOW 2018-12-23 2023-11-07
CVE-2018-18380 json A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user-provided PHP session ID instead of... 5.4 - MEDIUM 2018-10-19 2019-01-25
CVE-2018-18308 json In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been discovered in /admin/ajax/file-browser/upload/ (aka the... 6.1 - MEDIUM 2018-10-16 2019-04-12
CVE-2018-17341 json BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authenticati... 8.1 - HIGH 2018-09-23 2018-11-21
CVE-2018-17030 json BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /c... 7.5 - HIGH 2018-09-14 2018-11-07
CVE-2018-10574 json site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP cod... 9.8 - CRITICAL 2018-04-30 2018-06-07
CVE-2018-10364 json BigTree before 4.2.22 has XSS in the Users management page via the name or company field. 5.4 - MEDIUM 2018-04-30 2018-06-05
CVE-2018-10183 json An issue was discovered in BigTree 4.2.22. There is cross-site scripting (XSS) in /core/inc/lib/less.php/test/index.php becau... 6.1 - MEDIUM 2018-04-17 2018-05-21
CVE-2018-6013 json Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to inject arbitrary web script or HTML via the directory... 5.4 - MEDIUM 2018-01-23 2018-02-07
CVE-2017-16961 json A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attacker... Not Provided 2017-11-27 2025-04-20
CVE-2017-11736 json SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users ... Not Provided 2017-07-29 2025-04-20
CVE-2017-9548 json admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users t... 5.4 - MEDIUM 2017-06-12 2017-06-15
CVE-2017-9547 json admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users t... 5.4 - MEDIUM 2017-06-12 2017-06-15
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Bigtreecms

Type Vendor Product Version
ApplicationBigtreecmsBigtree Cms4.0
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report