
BigTree-CMS 4.2.x < 4.2.9 Multiple Vulnerabilities

Medium

Synopsis

The version of BigTree-CMS running on the remote server is affected by multiple vulnerabilities.

Description

The version of BigTree-CMS installed on the remote host is 4.2.x prior to 4.2.9 and is affected by multiple vulnerabilities :

- A flaw exists in the 'core/admin/auto-modules/forms/process.php' script because input passed via the 'view_data' parameter is not properly sanitized. An authenticated remote attacker can exploit this to inject arbitrary PHP objects and conduct an XSS attack. (OSVDB 135945)

- An unspecified flaw exists in the '/core/inc/bigtree/utils.php' script that may allow an authenticated remote attacker with administrator privileges to elevate their privileges to developer for the remainder of their session. No further details have been provided by the vendor. (OSVDB 135946)
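The advisory does not say how the 'view_data' parameter reaches the object layer, so the following is an added illustration, not BigTree-CMS code: it assumes the usual cause of PHP object injection, a serialized blob taken from the request and passed to unserialize(), and shows a hardened alternative beside it. The class, function and key names (AuditHook, loadViewDataUnsafe, page, sort) and the sample payload are hypothetical and constructed for the example.

```php
<?php
// Added example, not BigTree-CMS code. Names, class and payload are hypothetical.
declare(strict_types=1);

class AuditHook
{
    public string $target = '/tmp/default.log';

    // Magic methods run automatically inside unserialize(). Whoever controls
    // the serialized string decides which class is instantiated and with
    // what field values, so this code runs on attacker-chosen data.
    public function __wakeup(): void
    {
        error_log("AuditHook::__wakeup target={$this->target}");
    }
}

// Vulnerable pattern (assumed): the serialized blob comes straight from the
// request, so any class loaded by the application can be instantiated.
function loadViewDataUnsafe(string $viewData): mixed
{
    return unserialize($viewData);
}

// Minimal hardening if serialized PHP must still be accepted: forbid object
// creation. Objects in the payload become __PHP_Incomplete_Class and no
// __wakeup/__destruct of an application class is triggered.
function loadViewDataNoObjects(string $viewData): mixed
{
    return unserialize($viewData, ['allowed_classes' => false]);
}

// Preferred pattern: carry view state as JSON (which cannot express PHP
// objects) and validate the shape and each field before use.
function loadViewDataSafe(string $viewData): array
{
    $decoded = json_decode($viewData, true, 8, JSON_THROW_ON_ERROR);
    if (!is_array($decoded)) {
        throw new InvalidArgumentException('view_data must be a JSON object');
    }
    // Hypothetical allow-list of fields a view may carry and their types.
    $allowed = ['page' => 'int', 'sort' => 'string'];
    $clean = [];
    foreach ($allowed as $key => $type) {
        if (!array_key_exists($key, $decoded)) {
            continue;
        }
        $value = $decoded[$key];
        if ($type === 'int' && !is_int($value)) {
            throw new InvalidArgumentException("$key must be an integer");
        }
        if ($type === 'string'
            && (!is_string($value) || !preg_match('/^[a-z_]{1,32}$/', $value))) {
            throw new InvalidArgumentException("$key must be a short identifier");
        }
        $clean[$key] = $value;
    }
    return $clean; // unknown keys are dropped, nothing is instantiated
}

// Constructed sample payload: a serialized AuditHook with an attacker-chosen
// field value, as it would arrive in a form parameter.
$payload = 'O:9:"AuditHook":1:{s:6:"target";s:13:"/tmp/evil.log";}';

$obj = loadViewDataUnsafe($payload);      // __wakeup runs with target=/tmp/evil.log
$inc = loadViewDataNoObjects($payload);   // __PHP_Incomplete_Class, no magic method runs
$ok  = loadViewDataSafe('{"page":2,"sort":"title","extra":"ignored"}');

var_dump(get_class($obj));  // "AuditHook"
var_dump(get_class($inc));  // "__PHP_Incomplete_Class"
var_dump($ok);              // ['page' => 2, 'sort' => 'title']
```

Whether the fixed release took the JSON route or another is not stated on this page; the point of the example is that the unsafe and safe variants differ only in which deserializer sees request-controlled data, which is what a code review of a 'view_data'-style parameter should check.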

Solution

Upgrade to BigTree-CMS version 4.2.9 or later.