CVE-2017-9428

A directory traversal vulnerability exists in core\admin\ajax\developer\extensions\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\ sequences in the directory parameter.
References
Link Resource
https://github.com/bigtreecms/BigTree-CMS/issues/289 Exploit Issue Tracking Patch
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:bigtreecms:bigtree_cms:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-06-04 23:29

Updated : 2023-12-10 12:15


NVD link : CVE-2017-9428

Mitre link : CVE-2017-9428

CVE.ORG link : CVE-2017-9428


JSON object : View

Products Affected

bigtreecms

  • bigtree_cms

microsoft

  • windows
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')