b2evolution vulnerabilities and exploits
6.5
CVSSv2
CVE-2013-2945
SQL injection vulnerability in blogs/admin.php in b2evolution prior to 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated malicious users to e...
B2evolution B2evolution 4.1.5
B2evolution B2evolution 4.1.4
B2evolution B2evolution 4.1.3
B2evolution B2evolution 4.1.2
B2evolution B2evolution
B2evolution B2evolution 4.1.1
B2evolution B2evolution 4.1.0
1 EDB exploit
6.8
CVSSv2
CVE-2013-7352
Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution prior to 4.1.7 allows remote malicious users to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-294...
B2evolution B2evolution
B2evolution B2evolution 4.1.5
B2evolution B2evolution 4.1.4
B2evolution B2evolution 4.1.2
B2evolution B2evolution 4.1.0
B2evolution B2evolution 4.1.3
B2evolution B2evolution 4.1.1
7.5
CVSSv2
CVE-2006-6417
PHP remote file inclusion vulnerability in inc/CONTROL/import/import-mt.php in b2evolution 1.8.5 up to and including 1.9 beta allows remote malicious users to execute arbitrary PHP code via a URL in the inc_path parameter.
B2evolution B2evolution 1.9 Beta
B2evolution B2evolution 1.8.5
B2evolution B2evolution 1.9
1 EDB exploit
4.3
CVSSv2
CVE-2007-0175
Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote malicious users to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter.
B2evolution B2evolution 1.8.6
B2evolution B2evolution 1.8.2
B2evolution B2evolution 1.8.5
6.8
CVSSv2
CVE-2006-6197
Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8.2 up to and including 1.9 beta allow remote malicious users to inject arbitrary web script or HTML via the (1) app_name parameter in (a) _404_not_found.page.php, (b) _410_stats_gone.page.php, and (c) _referer_...
B2evolution B2evolution 1.9 Beta
B2evolution B2evolution 1.8.2
3 EDB exploits
7.5
CVSSv2
CVE-2009-1657
Multiple SQL injection vulnerabilities in the Starrating plugin prior to 0.7.7 for b2evolution allow remote malicious users to execute arbitrary SQL commands via unspecified vectors.
B2evolution Starrating Plugin
B2evolution Starrating Plugin 0.7.5
B2evolution Starrating Plugin 0.7
B2evolution Starrating Plugin 0.6
3.5
CVSSv2
CVE-2020-22841
Stored XSS in b2evolution CMS version 6.11.6 and prior allows a malicious user to execute malicious JavaScript code via the plugin name input field in the plugin module.
B2evolution B2evolution
5.8
CVSSv2
CVE-2020-22840
Open redirect vulnerability in b2evolution CMS versions before 6.11.6 allows a malicious user to perform malicious open redirects to an attacker-controlled resource via the redirect_to parameter in email_passthrough.php.
B2evolution B2evolution
7.5
CVSSv2
CVE-2007-2358
Multiple PHP remote file inclusion vulnerabilities in b2evolution allow remote malicious users to execute arbitrary PHP code via a URL in the (1) inc_path parameter to (a) a_noskin.php, (b) a_stub.php, (c) admin.php, (d) contact.php, (e) default.php, (f) index.php, and (g) multib...
B2evolution B2evolution
5.5
CVSSv2
CVE-2017-5480
Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution up to and including 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter.
B2evolution B2evolution