Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
b2evolution vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-7352
Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution prior to 4.1.7 allows remote malicious users to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-294...
B2evolution B2evolution
B2evolution B2evolution 4.1.5
B2evolution B2evolution 4.1.4
B2evolution B2evolution 4.1.2
B2evolution B2evolution 4.1.0
B2evolution B2evolution 4.1.3
B2evolution B2evolution 4.1.1
NA
CVE-2013-2945
SQL injection vulnerability in blogs/admin.php in b2evolution prior to 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated malicious users to e...
B2evolution B2evolution 4.1.5
B2evolution B2evolution 4.1.4
B2evolution B2evolution 4.1.3
B2evolution B2evolution 4.1.2
B2evolution B2evolution
B2evolution B2evolution 4.1.1
B2evolution B2evolution 4.1.0
1 EDB exploit
NA
CVE-2007-0175
Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote malicious users to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter.
B2evolution B2evolution 1.8.6
B2evolution B2evolution 1.8.2
B2evolution B2evolution 1.8.5
NA
CVE-2006-6417
PHP remote file inclusion vulnerability in inc/CONTROL/import/import-mt.php in b2evolution 1.8.5 up to and including 1.9 beta allows remote malicious users to execute arbitrary PHP code via a URL in the inc_path parameter.
B2evolution B2evolution 1.9 Beta
B2evolution B2evolution 1.8.5
B2evolution B2evolution 1.9
1 EDB exploit
NA
CVE-2006-6197
Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8.2 up to and including 1.9 beta allow remote malicious users to inject arbitrary web script or HTML via the (1) app_name parameter in (a) _404_not_found.page.php, (b) _410_stats_gone.page.php, and (c) _referer_...
B2evolution B2evolution 1.9 Beta
B2evolution B2evolution 1.8.2
3 EDB exploits
NA
CVE-2009-1657
Multiple SQL injection vulnerabilities in the Starrating plugin prior to 0.7.7 for b2evolution allow remote malicious users to execute arbitrary SQL commands via unspecified vectors.
B2evolution Starrating Plugin
B2evolution Starrating Plugin 0.7.5
B2evolution Starrating Plugin 0.7
B2evolution Starrating Plugin 0.6
7.5
CVSSv3
CVE-2016-9479
The "lost password" functionality in b2evolution prior to 6.7.9 allows remote malicious users to reset arbitrary user passwords via a crafted request.
B2evolution B2evolution
6.1
CVSSv3
CVE-2016-7149
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and previous versions allows remote malicious users to inject arbitrary web script or HTML via vectors related to the autolink function.
B2evolution B2evolution
5.4
CVSSv3
CVE-2016-7150
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and previous versions allows remote authenticated users to inject arbitrary web script or HTML via the site name.
B2evolution B2evolution
NA
CVE-2007-2358
Multiple PHP remote file inclusion vulnerabilities in b2evolution allow remote malicious users to execute arbitrary PHP code via a URL in the (1) inc_path parameter to (a) a_noskin.php, (b) a_stub.php, (c) admin.php, (d) contact.php, (e) default.php, (f) index.php, and (g) multib...
B2evolution B2evolution
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »