CVE-2017-9365

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-9365

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9365.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-9365

Published

2017-06-02T05:29:00Z

Modified

2025-04-20T04:05:30.901612Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked.

References

Affected packages

Git / github.com/bigtreecms/bigtree-cms

Affected ranges

Type: GIT
Repo: https://github.com/bigtreecms/bigtree-cms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c17d09b05d9c20c214ee2f4fbb52f7307a7b4b6f

Fixed

c17d09b05d9c20c214ee2f4fbb52f7307a7b4b6f

Affected versions

4.*

4.0

4.0.1

4.0.2

4.0.3

4.0RC2

4.0b7

4.0beta2

4.0beta4

4.0beta5

4.0beta6

4.0rc1

4.1

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.2

4.2.10

4.2.11

4.2.12

4.2.13

4.2.14

4.2.15

4.2.16

4.2.17

4.2.18

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

4.2.8

4.2.9

Other

RC2

v4.*

v4.0b1

v4.0b3