Risk | Medium |
Patch available | NO |
Number of vulnerabilities | 4 |
CVE-ID | CVE-2017-9365 CVE-2017-9364 CVE-2017-9379 CVE-2017-9428 |
CWE-ID | CWE-352 CWE-434 CWE-22 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. |
Vulnerable software | BigTree CMS Web applications / CMS |
Vendor | BigTree CMS |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
EUVDB-ID: #VU6901
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2017-9365
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a CSRF attack.
The vulnerability exists due to absent validation of the HTTP request origin when unlocking modules and website pages in the /admin/pages/revisions.php script. A remote attacker can trick a logged-in administrator into visiting a specially crafted web page and unlock arbitrary pages or modules on the vulnerable website.
Exploitation example for unlocking the page with id=1:
http://[host]/admin/pages/revisions/1/?force=false
Mitigation
Install the update from the GIT repository.
Vulnerable software versions
BigTree CMS: 4.2 - 4.2.18
External links
https://github.com/bigtreecms/BigTree-CMS/commit/c17d09b05d9c20c214ee2f4fbb52f7307a7b4b6f
https://github.com/bigtreecms/BigTree-CMS/issues/281
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU6902
Risk: Medium
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Green]
CVE-ID: CVE-2017-9364
CWE-ID:
CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to absent validation of certain file extensions when uploading files. A remote attacker can upload files with .pht and .phtml extensions and execute them with the privileges of the web server.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system, but requires that the web server is configured to treat the affected extensions as PHP files.
Mitigation
Install the update from the GIT repository.
Vulnerable software versions
BigTree CMS: 4.2 - 4.2.18
External links
https://github.com/bigtreecms/BigTree-CMS/commit/b72293946951cc650eaf51f5d2f62ceac6335e12
https://github.com/bigtreecms/BigTree-CMS/issues/280
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
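The root cause above is an upload filter that blocks only the extensions its author listed, so .pht and .phtml slip through. The following is an added example, not BigTree's code: it places such a denylist check beside an allowlist check that also handles multi-extension names and letter case. The allowed and blocked extension sets are assumed for illustration.

```php
<?php
// Added example (not BigTree code). Compares the denylist pattern behind
// CVE-2017-9364, where .pht/.phtml are simply missing from the list, with an
// allowlist that accepts only known non-executable extensions.

// Vulnerable pattern (constructed): "shell.phtml" and "shell.pht" pass,
// and a web server that maps those extensions to the PHP handler runs them.
function isAllowedDenylist(string $filename): bool
{
    $blocked = ['php', 'php3', 'php4', 'php5', 'phps']; // assumed list
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return !in_array($ext, $blocked, true);
}

// Hardened check: a fixed set of safe extensions is accepted, every
// dot-separated segment after the base name must be in that set (so
// "shell.phtml.jpg" is rejected on servers that evaluate any extension),
// and the comparison is case-insensitive.
function isAllowedAllowlist(string $filename): bool
{
    $allowed = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt']; // assumed list
    $parts = explode('.', strtolower(basename($filename)));
    if (count($parts) < 2 || $parts[0] === '') {
        return false; // no extension at all, or a dotfile
    }
    array_shift($parts); // drop the base name, keep every extension segment
    foreach ($parts as $segment) {
        if (!in_array($segment, $allowed, true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample names to compare the two checks.
$samples = ['report.pdf', 'shell.phtml', 'shell.pht', 'shell.PHTML', 'a.phtml.jpg', 'photo.jpg'];
foreach ($samples as $name) {
    printf("%-14s denylist=%s allowlist=%s\n", $name,
        isAllowedDenylist($name) ? 'allow' : 'block',
        isAllowedAllowlist($name) ? 'allow' : 'block');
}
```

The allowlist is the application-side control; the server-side control the bulletin alludes to is to not map .pht/.phtml (or any PHP handler) onto the upload directory at all.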
EUVDB-ID: #VU6903
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2017-9379
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a CSRF attack.
The vulnerability exists due to absent validation of the HTTP request origin in the "\BigTree-CMS-4.2.18\core\admin\modules\dashboard\vitals-statistics\404\clear.php" and "\core\admin\modules\dashboard\vitals-statistics\404\create-301.php" scripts. A remote attacker can trick a logged-in administrator into visiting a specially crafted web page and delete the contents of the 404 page or create an HTTP 301 redirect to an arbitrary website.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
BigTree CMS: 4.2 - 4.2.18
External links
https://github.com/bigtreecms/BigTree-CMS/issues/287
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU6904
Risk: Low
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2017-9428
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to insufficient sanitization of user-supplied data passed via the "directory" HTTP POST parameter to the "/index.php/admin/ajax/developer/extensions/file-browser/" URL. A remote authenticated user with access to the administrative area can use directory traversal sequences to view the contents of arbitrary files on the system.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
BigTree CMS: 4.2 - 4.2.18
External links
https://github.com/bigtreecms/BigTree-CMS/issues/289
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
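As no official fix is listed, the defensive pattern for a "directory" parameter like the one in the file-browser endpoint above is to canonicalise the requested path and refuse anything that resolves outside the intended base directory. This is an added example, not BigTree's code; the base directory and sample inputs are constructed placeholders.

```php
<?php
// Added example (not BigTree code). Confines a user-supplied "directory"
// value, as in CVE-2017-9428, to one base directory so traversal sequences,
// absolute paths and symlinks cannot escape it.

// Returns the canonical path of $base/$requested if it exists and stays
// inside $base, or null otherwise. The check runs on realpath() output, so
// "..", doubled separators and symlinks are already resolved when compared.
function resolveInsideBase(string $base, string $requested): ?string
{
    $baseReal = realpath($base);
    if ($baseReal === false) {
        return null;
    }
    // NUL bytes truncate paths in the underlying C calls; reject them first
    // (PHP 8 realpath() would otherwise throw a ValueError).
    if (strpos($requested, "\0") !== false) {
        return null;
    }
    // Always prepend the base: an absolute $requested becomes base//etc,
    // which simply does not exist rather than pointing at /etc.
    $candidate = realpath($baseReal . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false) {
        return null;
    }
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    // The base itself is fine; anything else must start with "base/".
    if ($candidate !== $baseReal && strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed demo: a temporary base directory with one extension folder.
$base = sys_get_temp_dir() . '/ext_demo_' . getmypid();
mkdir($base . '/plugin-a', 0700, true);

$inputs = ['plugin-a', 'plugin-a/../plugin-a', '../../etc', '/etc', "plugin-a\0/etc"];
foreach ($inputs as $dir) {
    $resolved = resolveInsideBase($base, $dir);
    printf("%-24s => %s\n", addcslashes($dir, "\0"), $resolved ?? 'rejected');
}

rmdir($base . '/plugin-a');
rmdir($base);
```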