CVE-2018-17341
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-17341
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17341.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-17341
- Published
- 2018-09-23T05:29:00Z
- Modified
- 2025-01-14T07:25:22.821662Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a ..\ substring, as demonstrated by a launch.php?bigtreehtaccessurl=admin/images/..\ URI.
- References
Affected packages
Git / github.com/bigtreecms/bigtree-cms
Affected ranges
- Type
- GIT
- Repo
- https://github.com/bigtreecms/bigtree-cms
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
4.*
4.0
4.0.1
4.0.2
4.0.3
4.0RC2
4.0b7
4.0beta2
4.0beta4
4.0beta5
4.0beta6
4.0rc1
4.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.2
4.2.10
4.2.11
4.2.12
4.2.13
4.2.14
4.2.15
4.2.16
4.2.17
4.2.18
4.2.19
4.2.2
4.2.20
4.2.21
4.2.22
4.2.23
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.2.8
4.2.9
Other
RC2
v4.*
v4.0b1
v4.0b3