Vulmon
b2evolution b2evolution vulnerabilities and exploits
NA
CVE-2013-7352
Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution prior to 4.1.7 allows remote malicious users to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-294...
B2evolution B2evolution 4.1.2
B2evolution B2evolution 4.1.5
B2evolution B2evolution
B2evolution B2evolution 4.1.3
B2evolution B2evolution 4.1.0
B2evolution B2evolution 4.1.4
B2evolution B2evolution 4.1.1
NA
CVE-2013-2945
SQL injection vulnerability in blogs/admin.php in b2evolution prior to 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated malicious users to e...
B2evolution B2evolution 4.1.2
B2evolution B2evolution 4.1.5
B2evolution B2evolution
B2evolution B2evolution 4.1.3
B2evolution B2evolution 4.1.0
B2evolution B2evolution 4.1.4
B2evolution B2evolution 4.1.1
1 EDB exploit
NA
CVE-2007-0175
Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote malicious users to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter.
B2evolution B2evolution 1.8.5
B2evolution B2evolution 1.8.2
B2evolution B2evolution 1.8.6
NA
CVE-2006-6417
PHP remote file inclusion vulnerability in inc/CONTROL/import/import-mt.php in b2evolution 1.8.5 up to and including 1.9 beta allows remote malicious users to execute arbitrary PHP code via a URL in the inc_path parameter.
B2evolution B2evolution 1.9
B2evolution B2evolution 1.8.5
B2evolution B2evolution 1.9 Beta
1 EDB exploit
NA
CVE-2006-6197
Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8.2 up to and including 1.9 beta allow remote malicious users to inject arbitrary web script or HTML via the (1) app_name parameter in (a) _404_not_found.page.php, (b) _410_stats_gone.page.php, and (c) _referer_...
B2evolution B2evolution 1.9 Beta
B2evolution B2evolution 1.8.2
3 EDB exploits
NA
CVE-2007-2358
Multiple PHP remote file inclusion vulnerabilities in b2evolution allow remote malicious users to execute arbitrary PHP code via a URL in the (1) inc_path parameter to (a) a_noskin.php, (b) a_stub.php, (c) admin.php, (d) contact.php, (e) default.php, (f) index.php, and (g) multib...
B2evolution B2evolution
6.1
CVSSv3
CVE-2016-7149
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and previous versions allows remote malicious users to inject arbitrary web script or HTML via vectors related to the autolink function.
B2evolution B2evolution
5.4
CVSSv3
CVE-2016-7150
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and previous versions allows remote authenticated users to inject arbitrary web script or HTML via the site name.
B2evolution B2evolution
NA
CVE-2014-9599
Cross-site scripting (XSS) vulnerability in the filemanager in b2evolution prior to 5.2.1 allows remote malicious users to inject arbitrary web script or HTML via the fm_filter parameter to blogs/admin.php.
B2evolution B2evolution
5.4
CVSSv3
CVE-2017-5553
Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution prior to 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL.
B2evolution B2evolution