Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
b2evolution vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-2945
SQL injection vulnerability in blogs/admin.php in b2evolution prior to 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated malicious users to e...
B2evolution B2evolution 4.1.5
B2evolution B2evolution 4.1.4
B2evolution B2evolution 4.1.3
B2evolution B2evolution 4.1.2
B2evolution B2evolution
B2evolution B2evolution 4.1.1
B2evolution B2evolution 4.1.0
1 EDB exploit
NA
CVE-2013-7352
Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution prior to 4.1.7 allows remote malicious users to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-294...
B2evolution B2evolution
B2evolution B2evolution 4.1.5
B2evolution B2evolution 4.1.4
B2evolution B2evolution 4.1.2
B2evolution B2evolution 4.1.0
B2evolution B2evolution 4.1.3
B2evolution B2evolution 4.1.1
NA
CVE-2007-0175
Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote malicious users to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter.
B2evolution B2evolution 1.8.6
B2evolution B2evolution 1.8.2
B2evolution B2evolution 1.8.5
NA
CVE-2006-6417
PHP remote file inclusion vulnerability in inc/CONTROL/import/import-mt.php in b2evolution 1.8.5 up to and including 1.9 beta allows remote malicious users to execute arbitrary PHP code via a URL in the inc_path parameter.
B2evolution B2evolution 1.9 Beta
B2evolution B2evolution 1.8.5
B2evolution B2evolution 1.9
1 EDB exploit
NA
CVE-2006-6197
Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8.2 up to and including 1.9 beta allow remote malicious users to inject arbitrary web script or HTML via the (1) app_name parameter in (a) _404_not_found.page.php, (b) _410_stats_gone.page.php, and (c) _referer_...
B2evolution B2evolution 1.9 Beta
B2evolution B2evolution 1.8.2
3 EDB exploits
NA
CVE-2009-1657
Multiple SQL injection vulnerabilities in the Starrating plugin prior to 0.7.7 for b2evolution allow remote malicious users to execute arbitrary SQL commands via unspecified vectors.
B2evolution Starrating Plugin
B2evolution Starrating Plugin 0.7.5
B2evolution Starrating Plugin 0.7
B2evolution Starrating Plugin 0.6
NA
CVE-2014-9599
Cross-site scripting (XSS) vulnerability in the filemanager in b2evolution prior to 5.2.1 allows remote malicious users to inject arbitrary web script or HTML via the fm_filter parameter to blogs/admin.php.
B2evolution B2evolution
9.8
CVSSv3
CVE-2017-1000423
b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup.
B2evolution B2evolution
7.5
CVSSv3
CVE-2016-9479
The "lost password" functionality in b2evolution prior to 6.7.9 allows remote malicious users to reset arbitrary user passwords via a crafted request.
B2evolution B2evolution
8.1
CVSSv3
CVE-2017-5480
Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution up to and including 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter.
B2evolution B2evolution
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »