b2evolution b2evolution vulnerabilities and exploits
655
VMScore
CVE-2013-2945
SQL injection vulnerability in blogs/admin.php in b2evolution prior to 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated malicious users to e...
B2evolution B2evolution 4.1.5
B2evolution B2evolution 4.1.4
B2evolution B2evolution 4.1.3
B2evolution B2evolution 4.1.2
B2evolution B2evolution
B2evolution B2evolution 4.1.1
B2evolution B2evolution 4.1.0
1 EDB exploit
605
VMScore
CVE-2013-7352
Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution prior to 4.1.7 allows remote malicious users to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-294...
B2evolution B2evolution
B2evolution B2evolution 4.1.5
B2evolution B2evolution 4.1.4
B2evolution B2evolution 4.1.2
B2evolution B2evolution 4.1.0
B2evolution B2evolution 4.1.3
B2evolution B2evolution 4.1.1
755
VMScore
CVE-2006-6417
PHP remote file inclusion vulnerability in inc/CONTROL/import/import-mt.php in b2evolution 1.8.5 up to and including 1.9 beta allows remote malicious users to execute arbitrary PHP code via a URL in the inc_path parameter.
B2evolution B2evolution 1.9 Beta
B2evolution B2evolution 1.8.5
B2evolution B2evolution 1.9
1 EDB exploit
383
VMScore
CVE-2007-0175
Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote malicious users to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter.
B2evolution B2evolution 1.8.6
B2evolution B2evolution 1.8.2
B2evolution B2evolution 1.8.5
695
VMScore
CVE-2006-6197
Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8.2 up to and including 1.9 beta allow remote malicious users to inject arbitrary web script or HTML via the (1) app_name parameter in (a) _404_not_found.page.php, (b) _410_stats_gone.page.php, and (c) _referer_...
B2evolution B2evolution 1.9 Beta
B2evolution B2evolution 1.8.2
3 EDB exploits
668
VMScore
CVE-2009-1657
Multiple SQL injection vulnerabilities in the Starrating plugin prior to 0.7.7 for b2evolution allow remote malicious users to execute arbitrary SQL commands via unspecified vectors.
B2evolution Starrating Plugin
B2evolution Starrating Plugin 0.7.5
B2evolution Starrating Plugin 0.7
B2evolution Starrating Plugin 0.6
312
VMScore
CVE-2017-5494
Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution up to and including 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame.
B2evolution B2evolution
312
VMScore
CVE-2017-5553
Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution prior to 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL.
B2evolution B2evolution
445
VMScore
CVE-2016-9479
The "lost password" functionality in b2evolution prior to 6.7.9 allows remote malicious users to reset arbitrary user passwords via a crafted request.
B2evolution B2evolution
383
VMScore
CVE-2016-7149
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and previous versions allows remote malicious users to inject arbitrary web script or HTML via vectors related to the autolink function.
B2evolution B2evolution