Vulnerability Details : CVE-2017-7695
Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code.
Products affected by CVE-2017-7695
- cpe:2.3:a:bigtreecms:bigtree_cms:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-7695
- 0.33%: Probability of exploitation activity in the next 30 days
- ~ 71%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-7695
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2017-7695
- The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-7695
- https://github.com/bigtreecms/BigTree-CMS/commit/8cf4212ea40e1b843e1aecf4b24681b0964ec04c
  Fixing empty space at the end of a file name allowing dangerous files… · bigtreecms/BigTree-CMS@8cf4212 · GitHub (Patch)
- http://www.math1as.com/bigtree_upload.txt
  Page not found · GitHub Pages (Exploit; Third Party Advisory)
- https://github.com/bigtreecms/BigTree-CMS/issues/276
  Unrestricted File Upload Reported · Issue #276 · bigtreecms/BigTree-CMS · GitHub (Issue Tracking; Patch)