CVE-2013-4879
Published Aug 14, 2013
Last updated 7 years ago
Overview
- Description
- SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-89
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bigtreecms:bigtree_cms:*:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C6BFF3D3-DE9A-4D38-AA46-81C80C291C6C",
"versionEndIncluding": "4.0"
},
{
"criteria": "cpe:2.3:a:bigtreecms:bigtree_cms:4.0:b1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C2FE7AD4-680F-46AB-B781-19F7E4B95593"
},
{
"criteria": "cpe:2.3:a:bigtreecms:bigtree_cms:4.0:b2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5EB20F45-4FD0-4BDF-926B-83A7178A16E7"
},
{
"criteria": "cpe:2.3:a:bigtreecms:bigtree_cms:4.0:b3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5A8E73F4-6BB4-4BA7-B7DF-DC2C3DB96D3C"
},
{
"criteria": "cpe:2.3:a:bigtreecms:bigtree_cms:4.0:b4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EB85F2AE-F5C8-4975-A668-3F19A16611EE"
},
{
"criteria": "cpe:2.3:a:bigtreecms:bigtree_cms:4.0:b5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "67AB2377-6B06-4962-BD58-9C33225F17BB"
},
{
"criteria": "cpe:2.3:a:bigtreecms:bigtree_cms:4.0:b6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "94F5DCD4-1538-47E2-9D74-89FCB120FB84"
},
{
"criteria": "cpe:2.3:a:bigtreecms:bigtree_cms:4.0:b7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC4B947C-3C45-424E-BEE8-F56CCBEBF384"
},
{
"criteria": "cpe:2.3:a:bigtreecms:bigtree_cms:4.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EBA1EB0F-5860-4642-8CD6-5A871ADBDAA9"
}
],
"operator": "OR"
}
]
}
]