CSRF Vulnerability in BigTree CMS Allows Unlocking Pages

CVE-2017-9365 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

BigTree CMS through 4.2.18 is vulnerable to cross-site request forgery (CSRF) via the force parameter to /admin/pages/revisions.php. For example, a request to /admin/pages/revisions/1/?force=false can unlock the page with id=1.
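
For triage on an affected install, the following added example (not BigTree code and not part of the original advisory) scans web access logs for requests to the revisions endpoint that carry `force` but did not come from the CMS's own pages. It assumes the combined log format and a hypothetical site host `cms.example.test`; the log lines are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

SITE_HOST = "cms.example.test"  # assumption: host the CMS is served from

# Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)
# Endpoint named in the advisory: /admin/pages/revisions/<id>/?force=...
REVISIONS_RE = re.compile(r'/admin/pages/revisions/(?P<page_id>\d+)/?$')


def classify_referer(referer):
    """Return 'same-site', 'cross-site' or 'missing' for a Referer value."""
    if referer in ("", "-"):
        return "missing"
    host = urlsplit(referer).hostname or ""
    return "same-site" if host.lower() == SITE_HOST else "cross-site"


def find_suspect_unlocks(lines):
    """Flag `force` requests to the revisions endpoint not sent from the CMS itself."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        url = urlsplit(m["target"])
        hit = REVISIONS_RE.search(url.path)
        if not hit or "force" not in parse_qs(url.query, keep_blank_values=True):
            continue
        origin = classify_referer(m["referer"])
        if origin != "same-site":
            findings.append({"ip": m["ip"], "time": m["ts"], "origin": origin,
                             "page_id": int(hit["page_id"]), "referer": m["referer"]})
    return findings


# Constructed sample log lines (not real traffic).
SAMPLE = [
    '198.51.100.7 - - [05/Jun/2017:10:12:01 +0000] "GET /admin/pages/revisions/1/?force=false HTTP/1.1" 200 5120 "https://cms.example.test/admin/pages/revisions/1/" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Jun/2017:10:14:33 +0000] "GET /admin/pages/revisions/1/?force=false HTTP/1.1" 200 5120 "http://forum.example.net/thread/42" "Mozilla/5.0"',
    '198.51.100.9 - - [05/Jun/2017:10:15:02 +0000] "GET /admin/pages/revisions/7/?force=false HTTP/1.1" 200 4980 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [05/Jun/2017:10:16:40 +0000] "GET /admin/pages/revisions/1/ HTTP/1.1" 200 5120 "http://forum.example.net/thread/42" "Mozilla/5.0"',
]
```

A missing Referer is reported separately from a cross-site one because privacy settings and direct navigation also strip it; treat both as leads to correlate with page lock changes, not as proof.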
