CVE-2013-5313
19.08.2013, 21:10
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user action.
| Vendor | Product | Version |
|---|---|---|
| bigtreecms | bigtree_cms | 𝑥 ≤ 4.0 |
| bigtreecms | bigtree_cms | 4.0:b1 |
| bigtreecms | bigtree_cms | 4.0:b2 |
| bigtreecms | bigtree_cms | 4.0:b3 |
| bigtreecms | bigtree_cms | 4.0:b4 |
| bigtreecms | bigtree_cms | 4.0:b5 |
| bigtreecms | bigtree_cms | 4.0:b6 |
| bigtreecms | bigtree_cms | 4.0:b7 |
| bigtreecms | bigtree_cms | 4.0:rc1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration