CVE-2017-16961 — MEDIUM (6.5)

Q: How severe is CVE-2017-16961?

CVE-2017-16961 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-16961?

Check the references section above for vendor advisories and patch information. Affected products include: Bigtreecms Bigtree Cms.

Vulnerability Description

A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a crafted _tags[] parameter that is mishandled in a later admin/ajax/dashboard/approve-change request.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Bigtreecms	Bigtree Cms	<= 4.2.19

Related Weaknesses (CWE)

CWE-89

References

https://github.com/bigtreecms/BigTree-CMS/issues/323ExploitIssue TrackingPatch
https://github.com/bigtreecms/BigTree-CMS/issues/323ExploitIssue TrackingPatch

FAQ

What is CVE-2017-16961?

CVE-2017-16961 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application ...

How severe is CVE-2017-16961?

CVE-2017-16961 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-16961?

Check the references section above for vendor advisories and patch information. Affected products include: Bigtreecms Bigtree Cms.