CVE-2017-16961

CVE-2017-16961

A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a crafted _tags[] parameter that is mishandled in a later admin/ajax/dashboard/approve-change request.

Source: CVE-2017-16961

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다