Posted by Curesec Research Team (CRT) on Mar 17

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: BigTree 4.2.8
Fixed in: BigTree 4.2.9
Fixed Version Link: https://www.bigtreecms.org/download/
Vendor Website: https://www.bigtreecms.org/
Vulnerability Type: Object Injection & Improper Filename Sanitation
Remote Exploitable: Yes
Reported to vendor: 01/29/2016
Disclosed to public: 03/15/2016
Release mode: Coordinated Release
CVE:…