BigTree-CMS 4.2.x < 4.2.11 Multiple Vulnerabilities

Critical

Synopsis

The version of BigTree-CMS running on the remote server is affected by multiple vulnerabilities.

Description

The version of BigTree-CMS installed on the remote host is 4.2.x prior to 4.2.11 and is affected by multiple vulnerabilities:

- A flaw exists that allows a session fixation attack. The application does not invalidate an existing session identifier, stored in the 'bigtree_user_sessions' table as a 'bigtree_admin[login]' token value, when a user authenticates. This may allow an attacker who knows a token value stored in that table to impersonate the corresponding user. (OSVDB 139698)

- A flaw exists that may allow an SQL injection attack. The 'core/inc/bigtree/sql.php' script does not properly sanitize user-supplied input to the 'id' parameter. A remote attacker may be able to inject or manipulate SQL queries in the back-end database, allowing the manipulation or disclosure of arbitrary data. (OSVDB 139699)

- A flaw exists in the 'Install Package' function, which does not properly validate the file types and extensions of uploaded files before placing them in a user-accessible path. A remote attacker may be able to upload a PHP file and then request it, executing arbitrary code with the privileges of the web service. (OSVDB 139700)

- A flaw exists because HTTP requests to 'core/admin/modules/users/create.php' do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a cross-site request forgery (CSRF / XSRF) attack, causing the victim to create new feeds. (OSVDB 139701)

- A flaw exists because HTTP requests to 'admin/developer/feeds/update/<FeedID>' do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a CSRF / XSRF attack, causing the victim to update the existing feed specified by FeedID. (OSVDB 139702)

- A flaw exists that allows a cross-site scripting (XSS) attack. The 'admin/developer/modules/views/edit.php' script does not validate input passed via the URL before returning it to users. A remote attacker may craft a request that executes arbitrary script code in a user's browser session, within the trust relationship between that browser and the server. (OSVDB 139703)

- A flaw exists that allows an XSS attack. The 'admin/ajax/developer/load-feed-fields.php' script does not validate input passed via the 'table' parameter before returning it to users. A remote attacker may craft a request that executes arbitrary script code in a user's browser session, within the trust relationship between that browser and the server. (OSVDB 139704)

- A flaw exists that allows an XSS attack. The 'admin/trees/report.php' script does not validate input passed via the report bodies before returning it to users. An authenticated remote attacker may craft a request that executes arbitrary script code in a user's browser session, within the trust relationship between that browser and the server. (OSVDB 139705)
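
The session fixation item above (OSVDB 139698) turns on one behaviour: a login token the browser already presents is kept rather than invalidated. The following Python is an added illustration of that flaw class and of the fix, written for this page; it is not BigTree's code. The dict-backed store, the class and method names, and the e-mail addresses are assumptions standing in for the 'bigtree_user_sessions' table and the 'bigtree_admin[login]' cookie value.

```python
import secrets

# Constructed stand-in for the 'bigtree_user_sessions' table: maps the value
# carried in the 'bigtree_admin[login]' cookie to the authenticated user's email.
# A dict replaces the real database so the example runs offline; the class and
# method names are assumptions, not BigTree's own code.


class VulnerableSessionStore:
    """Reproduces the flaw class: a token the browser already presents survives login."""

    def __init__(self):
        self.table = {}

    def login(self, email, presented_token=None):
        # A token the browser already carries (possibly planted by an attacker)
        # is kept and re-bound to the newly authenticated user.
        token = presented_token or secrets.token_hex(32)
        self.table[token] = email
        return token

    def user_for(self, token):
        return self.table.get(token)


class HardenedSessionStore:
    """Invalidates whatever the browser presented and issues a fresh token at login."""

    def __init__(self):
        self.table = {}

    def login(self, email, presented_token=None):
        # Drop the presented token's row, then mint a new unpredictable value, so
        # a value the attacker knows never becomes a valid session for the victim.
        if presented_token is not None:
            self.table.pop(presented_token, None)
        token = secrets.token_hex(32)
        self.table[token] = email
        return token

    def logout(self, token):
        # Logging out must delete the row as well, not merely clear the cookie.
        self.table.pop(token, None)

    def user_for(self, token):
        return self.table.get(token)


def fixation_scenario(store):
    """Run the fixation attack against a store.

    Returns (user the planted token resolves to after the victim logs in,
             whether the victim received a token different from the planted one).
    """
    # 1. The attacker obtains a valid token value (here by logging in to their
    #    own low-privilege account; how a real attacker learns a stored token
    #    is outside this example).
    planted = store.login("attacker@example.com")
    # 2. The attacker arranges for the victim's browser to present that token.
    # 3. The victim authenticates while presenting the planted token.
    victim_token = store.login("admin@example.com", presented_token=planted)
    # 4. The attacker, still holding `planted`, checks whom it now identifies.
    return store.user_for(planted), victim_token != planted


if __name__ == "__main__":
    print("vulnerable:", fixation_scenario(VulnerableSessionStore()))
    print("hardened:  ", fixation_scenario(HardenedSessionStore()))
```

Against the vulnerable store the planted token resolves to the administrator after the victim logs in; against the hardened store it resolves to nobody and the victim holds a fresh value. The same rotate-on-login rule applies to any custom token scheme that bypasses the platform's session handling.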
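
The 'Install Package' item above (OSVDB 139700) is a missing pre-extraction check: file types and extensions are not validated before files land in a web-accessible path. The following Python is an added example of such a check, written for this page and not taken from BigTree; it assumes packages are zip archives, and the extension allowlist, the executable-suffix list, and the sample archives are constructed for illustration. It goes beyond the single PHP case in the text by also rejecting double extensions, path traversal, and PHP open tags inside otherwise allowed files.

```python
import io
import posixpath
import zipfile

# Suffixes a typical PHP web server executes as code if they land under the
# document root. Illustrative list; match it to the real server configuration.
EXECUTABLE_SUFFIXES = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps", "inc"}
# What a package is expected to contain (assumed allowlist for this example).
ALLOWED_EXTENSIONS = {"css", "js", "png", "jpg", "jpeg", "gif", "svg", "json", "html", "txt", "md"}
PHP_OPEN_TAGS = (b"<?php", b"<?=")


def check_member(name, data):
    """Return None if an archive member may be written, else the reason it is rejected."""
    if name.endswith("/"):
        return None  # directory entry; nothing is written for it
    if name.startswith("/") or "\\" in name or posixpath.normpath(name).startswith(".."):
        return "path escapes the install directory"
    basename = posixpath.basename(name).lower()
    suffixes = basename.split(".")[1:]  # 'shell.php.png' -> ['php', 'png']
    if not suffixes:
        return "file has no extension"
    # Any dotted suffix counts, so 'shell.php.png' is caught as well as 'shell.phtml'.
    if any(s in EXECUTABLE_SUFFIXES for s in suffixes):
        return "server-executable extension"
    if suffixes[-1] not in ALLOWED_EXTENSIONS:
        return "extension not in allowlist"
    # Type check on the content itself, in case the server also runs allowed
    # extensions through PHP or the file is later renamed.
    if any(tag in data for tag in PHP_OPEN_TAGS):
        return "content contains a PHP open tag"
    return None


def validate_package(archive_bytes):
    """Check every member before anything is extracted; returns [(name, reason), ...]."""
    rejected = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            data = b"" if info.is_dir() else zf.read(info)
            reason = check_member(info.filename, data)
            if reason is not None:
                rejected.append((info.filename, reason))
    return rejected


def build_package(members):
    """Constructed helper: build an in-memory zip from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample packages (not real BigTree packages).
MALICIOUS_PACKAGE = build_package({
    "theme/style.css": b"body { margin: 0 }",
    "theme/shell.php": b"<?php /* attacker-controlled code */ ?>",
    "theme/logo.php.png": b"\x89PNG",
    "theme/icon.svg": b"<svg><?php echo 1; ?></svg>",
    "../../site/index.php": b"<?php ?>",
})
CLEAN_PACKAGE = build_package({
    "theme/style.css": b"body { margin: 0 }",
    "theme/app.js": b"console.log('ok');",
})


if __name__ == "__main__":
    for name, reason in validate_package(MALICIOUS_PACKAGE):
        print(f"rejected {name}: {reason}")
    print("clean package rejections:", validate_package(CLEAN_PACKAGE))
```

Validation runs over the whole archive before any member is written, so a package with one bad entry is refused outright rather than partially installed. Extracting into a directory the web server does not serve, and copying only validated files into the document root, is the complementary control.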

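The two CSRF items above (OSVDB 139701 and 139702) share one root cause: a state-changing request is accepted without a unique token. The following Python is an added example of the missing check, written for this page; it is not BigTree's handler code. The request and session dictionaries, the handler names, and the "create" action are assumptions modelling a generic create endpoint such as the one at 'core/admin/modules/users/create.php'.

```python
import hmac
import secrets


def new_session():
    """Constructed server-side session; a real application stores this with the login."""
    return {"user": "admin@example.com", "csrf_token": secrets.token_urlsafe(32)}


def render_create_form(session):
    """The form the application serves; the token comes back as a hidden field."""
    return {"action": "create", "csrf_token": session["csrf_token"]}


def handle_create_vulnerable(session, request):
    """Flaw class on the page: any request from a logged-in browser performs the action."""
    if request["params"].get("action") == "create":
        return "created " + request["params"].get("name", "")
    return "ignored"


def handle_create_hardened(session, request):
    """State change only over POST and only with the token issued to this session."""
    if request["method"] != "POST":
        return "rejected: state change over GET"
    submitted = request["params"].get("csrf_token", "")
    # Constant-time comparison; the attacker's page cannot read the victim's token.
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return "rejected: missing or invalid CSRF token"
    return "created " + request["params"].get("name", "")


# Constructed requests a victim's browser would send after following an attacker's
# link: cookies travel automatically, but the attacker cannot supply the real token.
FORGED_GET = {"method": "GET", "params": {"action": "create", "name": "evil"}}
FORGED_POST = {"method": "POST", "params": {"action": "create", "name": "evil", "csrf_token": "guess"}}


def legitimate_request(session):
    """What the application's own form submits."""
    form = render_create_form(session)
    return {"method": "POST",
            "params": {"action": "create", "name": "alice", "csrf_token": form["csrf_token"]}}


if __name__ == "__main__":
    session = new_session()
    print("vulnerable, forged GET :", handle_create_vulnerable(session, FORGED_GET))
    print("hardened, forged GET   :", handle_create_hardened(session, FORGED_GET))
    print("hardened, forged POST  :", handle_create_hardened(session, FORGED_POST))
    print("hardened, legitimate   :", handle_create_hardened(session, legitimate_request(session)))
```

The token must be bound to the session and compared in constant time; a token that is merely present in the form but not tied to the session, or one that the endpoint accepts over GET, does not close the hole the advisory describes.
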
Solution

Upgrade to BigTree-CMS version 4.2.11 or later.