SecuritySpace - CVE-2017-7881

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2017-7881

Description: BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modules/developer/_header.php and patched in core/inc/bigtree/admin.php on 2017-04-14.

Test IDs: 1.3.6.1.4.1.25623.1.0.108143

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2017-7881
https://github.com/bigtreecms/BigTree-CMS/commit/7761481ac40d83ac29fef42bc6b3c07c86694b56
https://www.cdxy.me/?p=765

CVE ID:	CVE-2017-7881
Description:	BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modules/developer/_header.php and patched in core/inc/bigtree/admin.php on 2017-04-14.
Test IDs:	1.3.6.1.4.1.25623.1.0.108143
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2017-7881 https://github.com/bigtreecms/BigTree-CMS/commit/7761481ac40d83ac29fef42bc6b3c07c86694b56 https://www.cdxy.me/?p=765