site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files.
References
Link | Resource |
---|---|
https://github.com/bigtreecms/BigTree-CMS/commit/609bd17728ee1db0487a42d96028d30537528ae8 | Patch |
https://github.com/bigtreecms/BigTree-CMS/issues/335 | Exploit Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:22:16
Updated: 2022-10-03T16:22:16
Reserved: 2022-10-03T00:00:00
Link: CVE-2018-10574
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-04-30T20:29:00.247
Modified: 2018-06-07T18:10:57.967
Link: CVE-2018-10574
JSON object: View
Redhat Information
No data.
CWE