Vulnerability Details : CVE-2013-4881
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an add user action to index.php.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2013-4881
- cpe:2.3:a:bigtreecms:bigtree_cms:*:rc2:*:*:*:*:*:*
- cpe:2.3:a:bigtreecms:bigtree_cms:4.0:b4:*:*:*:*:*:*
- cpe:2.3:a:bigtreecms:bigtree_cms:4.0:b3:*:*:*:*:*:*
- cpe:2.3:a:bigtreecms:bigtree_cms:4.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:bigtreecms:bigtree_cms:4.0:b7:*:*:*:*:*:*
- cpe:2.3:a:bigtreecms:bigtree_cms:4.0:b2:*:*:*:*:*:*
- cpe:2.3:a:bigtreecms:bigtree_cms:4.0:b1:*:*:*:*:*:*
- cpe:2.3:a:bigtreecms:bigtree_cms:4.0:b6:*:*:*:*:*:*
- cpe:2.3:a:bigtreecms:bigtree_cms:4.0:b5:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-4881
- 0.21%: probability of exploitation activity in the next 30 days
- ~58%: percentile, the proportion of vulnerabilities that are scored at or below this score
CVSS scores for CVE-2013-4881
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2013-4881
- The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4881
- https://www.htbridge.com/advisory/HTB23165
  Multiple Vulnerabilities in BigTree CMS - HTB23165 Security Advisory | ImmuniWeb
- https://github.com/bigtreecms/BigTree-CMS/commit/4b0faa90fa8b9e1776c86db716894dcd7e6b4834
  Fixed a Cross-Site Request Forgery exploit that would allow logged-in… · bigtreecms/BigTree-CMS@4b0faa9 · GitHub
- http://archives.neohapsis.com/archives/bugtraq/2013-08/0039.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86286
  BigTree CMS create.php cross-site request forgery CVE-2013-4881 Vulnerability Report