05 Jui 2017
CVE-2017-9443 - CVE Vulnerability
** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and core\admin\modules\developer\packages\install\process.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files." (CVSS:0.0) (Last Update:2017-06-05)
Vulnerability Details : ** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and core\admin\modules\developer\packages\install\process.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files." Publish Date : 2017-06-05 Last Update Date : 2017-06-05 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2017-9443
- References For CVE-2017-9443
| ||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2017-9443There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |