CVE-2017-9365
CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php – for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked.
Date published : 2017-06-02
https://github.com/bigtreecms/BigTree-CMS/commit/c17d09b05d9c20c214ee2f4fbb52f7307a7b4b6f