CVE-2018-10574
- Source
- https://cve.org/CVERecord?id=CVE-2018-10574
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-10574.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-10574
- Published
- 2018-04-30T20:29:00.247Z
- Modified
- 2025-11-14T05:25:43.281422Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files.
- References
Affected packages
Git / github.com/bigtreecms/bigtree-cms
Affected ranges
- Type
- GIT
- Repo
- https://github.com/bigtreecms/bigtree-cms
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
4.*
4.0
4.0.1
4.0.2
4.0.3
4.0RC2
4.0b7
4.0beta2
4.0beta4
4.0beta5
4.0beta6
4.0rc1
4.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.2
4.2.10
4.2.11
4.2.12
4.2.13
4.2.14
4.2.15
4.2.16
4.2.17
4.2.18
4.2.19
4.2.2
4.2.20
4.2.21
4.2.22
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.2.8
4.2.9
Other
RC2
v4.*
v4.0b1
v4.0b3