QwikSec

Security Database

CVE

CWE

Training

CVE-2013-4881

Published: Aug 19, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an add user action to index.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/bigtreecms/BigTree-CMS/commit/4b0faa90fa8b9e1776c86db716894dcd7e6b4834

x_refsource_CONFIRM

vdb-entry

x_refsource_OSVDB

bigtreecms-cve20134881-csrf(86286)

vdb-entry

x_refsource_XF

20130807 Multiple Vulnerabilities in BigTree CMS

mailing-list

x_refsource_BUGTRAQ

https://www.htbridge.com/advisory/HTB23165

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.