Detections
Analytics

BigTree-CMS 4.2.x < 4.2.11 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 9557

Synopsis

The version of BigTree-CMS running on the remote server is affected by multiple vulnerabilities.

Description

The version of BigTree-CMS installed on the remote host is 4.2.x prior to 4.2.11 and is affected by multiple vulnerabilities :

 - A flaw exists that allows conducting a session fixation attack. This flaw exists because the application does not properly invalidate an existing session identifier that is stored in the 'bigtree_user_sessions' table as a 'bigtree_admin[login]' token value. This may potentially allow an attacker to impersonate any user with a token value stored in the table.
 - A flaw exists that may allow carrying out an SQL injection attack. The issue is due to the 'core/inc/bigtree/sql.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
 - A flaw exists in the 'Install Package' function that is triggered as file types and extensions for uploaded files are not properly validated before being placed in a user-accessible path. This may allow a remote attacker to upload a PHP file and then request it in order to execute arbitrary code with the privileges of the web service.
 - A flaw exists as HTTP requests to 'core/admin/modules/users/create.php' do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a Cross-Site Request Forgery (CSRF / XSRF) attack causing the victim to create new feeds.
 - A flaw exists as HTTP requests to 'admin/developer/feeds/update/<FeedID>' do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a CSRF / XSRF attack causing the victim to update an existing feed that has been specified by the FeedID.
 - A flaw exists that allows a cross-site scripting (XSS) attack. This flaw exists because the 'admin/developer/modules/views/edit.php' script does not validate input passed via the URL before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
 - A flaw exists that allows an XSS attack. This flaw exists because the 'admin/ajax/developer/load-feed-fields.php' script does not validate input passed via the 'table' parameter before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
 - A flaw exists that allows an XSS attack. This flaw exists because the 'admin/trees/report.php' script does not validate input passed via the report bodies before returning it to users. This may allow an authenticated remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

Solution

Upgrade to BigTree-CMS version 4.2.11 or later.

See Also

https://github.com/bigtreecms/BigTree-CMS/blob/master/README.md#4211-release

Plugin Details

Severity: Critical

ID: 9557

Family: CGI

Published: 9/9/2016

Updated: 3/6/2019

Vulnerability Information

CPE: cpe:/a:bigtreecms:bigtree_cms

Patch Publication Date: 5/27/2016

Vulnerability Publication Date: 5/27/2016