CSRF Vulnerability in BigTree CMS Allows Unlocking Pages
CVE-2017-9365 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked.
Learn more about our Cms Pen Testing.