CVE-2018-17341

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-17341

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17341.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-17341

Published

2018-09-23T05:29:00.423Z

Modified

2025-11-20T10:47:07.948036Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a ..\ substring, as demonstrated by a launch.php?bigtreehtaccessurl=admin/images/..\ URI.

References

https://github.com/bigtreecms/BigTree-CMS/issues/345

Affected packages

Git / github.com/bigtreecms/bigtree-cms

Affected ranges

Type: GIT
Repo: https://github.com/bigtreecms/bigtree-cms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

e894af7e01cfd9904f7aad3cb22170d962a49c09

Affected versions

4.*

4.0

4.0.1

4.0.2

4.0.3

4.0RC2

4.0b7

4.0beta2

4.0beta4

4.0beta5

4.0beta6

4.0rc1

4.1

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.2

4.2.10

4.2.11

4.2.12

4.2.13

4.2.14

4.2.15

4.2.16

4.2.17

4.2.18

4.2.19

4.2.2

4.2.20

4.2.21

4.2.22

4.2.23

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

4.2.8

4.2.9

Other

RC2

v4.*

v4.0b1

v4.0b3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17341.json"