Vulmon
b2evolution vulnerabilities and exploits
445
VMScore
CVE-2011-3709
b2evolution 3.3.3 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by locales/ru_RU/ru-RU.locale.php and certain other files.
B2evolution B2evolution 3.3.3
668
VMScore
CVE-2016-8901
b2evolution 6.7.6 suffers from an Object Injection vulnerability in /htsrv/call_plugin.php.
B2evolution B2evolution 6.7.6
668
VMScore
CVE-2007-2681
Directory traversal vulnerability in blogs/index.php in b2evolution 1.6 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the core_subdir parameter.
B2evolution B2evolution 1.6
578
VMScore
CVE-2012-5910
SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter.
B2evolution B2evolution 4.1.3
383
VMScore
CVE-2012-5911
Cross-site scripting (XSS) vulnerability in blogs/blog1.php in b2evolution 4.1.3 allows remote malicious users to inject arbitrary web script or HTML via the message body.
B2evolution B2evolution 4.1.3
NA
CVE-2022-44036
In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is "very obviously a feature not an issue and if you don't like that ...
B2evolution B2evolution Cms 7.2.5
668
VMScore
CVE-2021-31632
b2evolution CMS v7.2.3 contains a SQL injection vulnerability via the parameter cfqueryparam in the User login section. This vulnerability allows malicious users to execute arbitrary code via a crafted input.
B2evolution B2evolution Cms 7.2.3
383
VMScore
CVE-2020-22839
Reflected cross-site scripting (XSS) vulnerability in the evoadm.php file in b2evolution CMS version 6.11.6-stable allows remote malicious users to inject arbitrary web script or HTML code via the tab3 parameter.
B2evolution B2evolution Cms 6.11.6
605
VMScore
CVE-2021-31631
b2evolution CMS v7.2.3 contains a Cross-Site Request Forgery (CSRF) vulnerability via the User login page. This vulnerability allows malicious users to escalate privileges.
B2evolution B2evolution Cms 7.2.3