Search
Search Results (30 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-28242 | 1 B2evolution | 1 B2evolution | 2024-11-21 | 8.8 High |
| SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab. | ||||
| CVE-2020-22841 | 1 B2evolution | 1 B2evolution | 2024-11-21 | 4.8 Medium |
| Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module. | ||||
| CVE-2020-22840 | 1 B2evolution | 1 B2evolution | 2024-11-21 | 6.1 Medium |
| Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php. | ||||
| CVE-2020-22839 | 1 B2evolution | 1 B2evolution Cms | 2024-11-21 | 6.1 Medium |
| Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter. | ||||
| CVE-2017-1000423 | 1 B2evolution | 1 B2evolution | 2024-11-21 | N/A |
| b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup. | ||||
| CVE-2016-8901 | 1 B2evolution | 1 B2evolution | 2024-11-21 | N/A |
| b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php. | ||||
| CVE-2011-3709 | 1 B2evolution | 1 B2evolution | 2024-08-06 | N/A |
| b2evolution 3.3.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by locales/ru_RU/ru-RU.locale.php and certain other files. | ||||
| CVE-2012-5910 | 1 B2evolution | 1 B2evolution | 2024-08-06 | N/A |
| SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter. | ||||
| CVE-2012-5911 | 1 B2evolution | 1 B2evolution | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in blogs/blog1.php in b2evolution 4.1.3 allows remote attackers to inject arbitrary web script or HTML via the message body. | ||||
| CVE-2013-7352 | 1 B2evolution | 1 B2evolution | 2024-08-06 | N/A |
| Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-2945. | ||||