 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.108144 |
| Category: | Web application abuses |
| Title: | BigTree CMS < 4.2.17 Unrestricted File Upload Vulnerability |
| Summary: | BigTree CMS is prone to an unrestricted file upload vulnerability. |
| Description: | Summary: BigTree CMS is prone to an unrestricted file upload vulnerability. Vulnerability Insight: BigTree CMS is prone to a unrestricted file upload vulnerability because it fails to sufficiently sanitize user-supplied data. If an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code. Affected Software/OS: BigTree CMS versions prior to 4.2.17. Solution: Update BigTree CMS to version 4.2.17 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-7695 http://www.math1as.com/bigtree_upload.txt https://github.com/bigtreecms/BigTree-CMS/commit/8cf4212ea40e1b843e1aecf4b24681b0964ec04c https://github.com/bigtreecms/BigTree-CMS/issues/276 |
| Copyright | Copyright (C) 2017 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |