BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a ..\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/..\ URI.
References
Link | Resource |
---|---|
https://github.com/bigtreecms/BigTree-CMS/issues/345 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:22:11
Updated: 2022-10-03T16:22:11
Reserved: 2022-10-03T00:00:00
Link: CVE-2018-17341
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-09-23T05:29:00.423
Modified: 2018-11-21T20:22:05.793
Link: CVE-2018-17341
JSON object: View
Redhat Information
No data.
CWE