CVE-2018-17341

2018-09-2305:00:00

mitre

www.cve.org

bigtree

4.2.23

windows

authentication bypass

remote attackers

AI Score

8.2

Confidence

High

EPSS

0.004

Percentile

74.1%

JSON

BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a …\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/…\ URI.

References

github.com/bigtreecms/BigTree-CMS/issues/345