CVE-2018-10574

Published: 2018-04-30T20:29Z

Last Modified: 2024-11-21T03:41Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt