BigTree-CMS 4.2.x < 4.2.17 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 700143

Synopsis

The version of BigTree-CMS running on the remote server is affected by multiple attack vectors.

Description

The version of BigTree-CMS installed on the remote host is 4.2.x prior to 4.2.17 and is affected by multiple vulnerabilities:

- A flaw exists as HTTP requests to 'admin/ajax/users/delete/' do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a Cross-Site Request Forgery (CSRF / XSRF) attack causing the victim to delete arbitrary users. (CVE-2017-6914)
- A flaw exists as HTTP requests to 'admin/settings/update/' do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a CSRF / XSRF attack causing the victim to make changes to colophons or navigation social settings. (CVE-2017-6915, CVE-2017-6916, CVE-2017-6917, CVE-2017-6918)
- A flaw exists in 'core/inc/bigtree/apis/storage.php' that is triggered because file types and extensions for uploaded files are not properly validated when a trailing white space is appended to the file extension before the file is placed in a user-accessible path. This may allow an authenticated remote attacker to upload, e.g., a PHP file and then request it in order to execute arbitrary code with the privileges of the web service. (CVE-2017-7695)
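
The extension-validation weakness described in the last item, shown as an added example for defenders reviewing upload handlers. This is not BigTree-CMS code: the function names, the blocklist pattern and the allowlist are hypothetical. It contrasts a check run on the raw client-supplied name with one that normalises the name first and returns the exact name to store.

```php
<?php
// Added illustration; not taken from BigTree-CMS. All names are hypothetical.

// Assumed site policy: the only extensions uploads may have.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];

// Weak pattern: a blocklist anchored to the end of the raw name.
// A name such as "report.php " (trailing space) does not end in ".php",
// so the blocklist does not match and the upload is accepted.
function naive_is_allowed(string $name): bool
{
    return preg_match('/\.(php|phtml|exe|sh|pl|cgi)$/i', $name) !== 1;
}

// Hardened pattern: normalise, check an allowlist, and return the
// normalised name so the file is stored under the name that was checked.
function safe_upload_name(string $name): ?string
{
    // Keep only the final path component, whichever separator was used.
    $base = basename(str_replace('\\', '/', $name));

    // Reject control characters (NUL, tab, newline and similar) outright.
    if ($base === '' || preg_match('/[\x00-\x1F\x7F]/', $base) === 1) {
        return null;
    }

    // Strip trailing spaces and dots before reading the extension.
    $base = rtrim($base, ' .');

    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if ($base === '' || !in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }
    return $base;
}

// Constructed sample names, not taken from any real request.
foreach (['photo.JPG', 'report.php', 'report.php ', 'notes.pdf.'] as $name) {
    printf(
        "%-14s naive=%s safe=%s\n",
        var_export($name, true),
        var_export(naive_is_allowed($name), true),
        var_export(safe_upload_name($name), true)
    );
}
```

Storing uploads outside the web root, or in a directory where the web server does not execute scripts, limits the impact if a validation check is bypassed.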

Solution

Upgrade to BigTree-CMS version 4.2.17 or later.

See Also

https://github.com/bigtreecms/BigTree-CMS/commit/8cf4212ea40e1b843e1aecf4b24681b0964ec04c

Plugin Details

Severity: High

ID: 700143

Family: CGI

Published: 6/21/2017

Updated: 3/6/2019

Dependencies: 9436

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:a:bigtreecms:bigtree_cms:*:*:*:*:*:*:*:*

Patch Publication Date: 4/7/2017

Vulnerability Publication Date: 4/6/2017

Reference Information

CVE: CVE-2017-6914, CVE-2017-6915, CVE-2017-6916, CVE-2017-6917, CVE-2017-6918, CVE-2017-7695