CVE-2017-9442

moderate-risk
Published 2017-06-05

BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in core\admin\modules\developer\extensions\install\unpack.php and core\admin\modules\developer\packages\install\unpack.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files.

Do I need to act?

~
2.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Bigtreecms

References (2)

Exploit https://github.com/bigtreecms/BigTree-CMS/issues/291
Exploit https://github.com/bigtreecms/BigTree-CMS/issues/291
40
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 5/34 · Minimal
Exposure 5/34 · Minimal