1. ADVISORY INFORMATION
Title: BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability
Application: BigTree CMS
Remotely Exploitable: Yes
Versions Affected: < 4.2.11
Vendor URL: https://www.bigtreecms.org
Bugs: SQL Injection
Bugs: Default credentials, CSRF, XSS, SQL Injection, LFI
Date of Public Advisory: 15 Jun 2016
Author: Mehmet Ince
2. CREDIT
These vulnerabilities were identified during an external penetration test
by Mehmet INCE from PRODAFT / INVICTUS
Original Advisory:
ity was identified during penetration test
by Mehmet INCE & Halit Alptekin from PRODAFT / INVICTUS
3. VERSIONS AFFECTED
AfterLogic WebMail Pro ASP.NET < 6.2.7
4. INTRODUCTION
It seems that /webmail/spellcheck.aspx?xml