Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
b2evolution vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2012-5911
Cross-site scripting (XSS) vulnerability in blogs/blog1.php in b2evolution 4.1.3 allows remote malicious users to inject arbitrary web script or HTML via the message body.
B2evolution B2evolution 4.1.3
5
CVSSv2
CVE-2011-3709
b2evolution 3.3.3 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by locales/ru_RU/ru-RU.locale.php and certain other files.
B2evolution B2evolution 3.3.3
7.5
CVSSv2
CVE-2007-2681
Directory traversal vulnerability in blogs/index.php in b2evolution 1.6 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the core_subdir parameter.
B2evolution B2evolution 1.6
6.5
CVSSv2
CVE-2021-28242
SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote malicious users to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" ...
B2evolution B2evolution 7.2.2
7.5
CVSSv2
CVE-2016-8901
b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php.
B2evolution B2evolution 6.7.6
4.3
CVSSv2
CVE-2020-22839
Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote malicious users to inject arbitrary webscript or HTML code via the tab3 parameter.
B2evolution B2evolution Cms 6.11.6
6.8
CVSSv2
CVE-2021-31631
b2evolution CMS v7.2.3 exists to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerability allows malicious users to escalate privileges.
B2evolution B2evolution Cms 7.2.3
7.5
CVSSv2
CVE-2021-31632
b2evolution CMS v7.2.3 exists to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. This vulnerability allows malicious users to execute arbitrary code via a crafted input.
B2evolution B2evolution Cms 7.2.3
NA
CVE-2022-44036
In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is "very obviously a feature not an issue and if you don't like that ...
B2evolution B2evolution Cms 7.2.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3