CVE-2017-9365

CVE-2017-9365

EPSS 0.5%

CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/bigtreecms/BigTree-CMS/commit/c17d09b05d9c20c214ee2f4fbb52f7307a7b4b6f https://github.com/bigtreecms/BigTree-CMS/issues/281