Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
b2evolution b2evolution vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2017-1000423
b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup.
B2evolution B2evolution
490
VMScore
CVE-2017-5480
Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution up to and including 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter.
B2evolution B2evolution
312
VMScore
CVE-2017-5494
Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution up to and including 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame.
B2evolution B2evolution
NA
CVE-2022-30935
An authorization bypass in b2evolution allows remote, unauthenticated malicious users to predict password reset tokens for any user through the use of a bad randomness function. This allows the malicious user to get valid sessions for arbitrary users, and optionally reset their p...
B2evolution B2evolution
312
VMScore
CVE-2020-22841
Stored XSS in b2evolution CMS version 6.11.6 and prior allows an malicious user to perform malicious JavaScript code execution via the plugin name input field in the plugin module.
B2evolution B2evolution
383
VMScore
CVE-2016-7149
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and previous versions allows remote malicious users to inject arbitrary web script or HTML via vectors related to the autolink function.
B2evolution B2evolution
383
VMScore
CVE-2014-9599
Cross-site scripting (XSS) vulnerability in the filemanager in b2evolution prior to 5.2.1 allows remote malicious users to inject arbitrary web script or HTML via the fm_filter parameter to blogs/admin.php.
B2evolution B2evolution
445
VMScore
CVE-2016-9479
The "lost password" functionality in b2evolution prior to 6.7.9 allows remote malicious users to reset arbitrary user passwords via a crafted request.
B2evolution B2evolution
580
VMScore
CVE-2021-28242
SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote malicious users to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" ...
B2evolution B2evolution 7.2.2
801
VMScore
CVE-2017-5539
The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ..\/ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used ...
B2evolution B2evolution 6.8.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »