Vulnerabilities > B2Evolution

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-06	CVE-2021-31631	Cross-Site Request Forgery (CSRF) vulnerability in B2Evolution CMS 7.2.3 b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. network b2evolution CWE-352	6.8
2021-12-06	CVE-2021-31632	SQL Injection vulnerability in B2Evolution CMS 7.2.3 b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. network low complexity b2evolution CWE-89	7.5
2021-04-15	CVE-2021-28242	SQL Injection vulnerability in B2Evolution 7.2.2 SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab. network low complexity b2evolution CWE-89	6.5
2021-02-09	CVE-2020-22839	Cross-site Scripting vulnerability in B2Evolution CMS 6.11.6 Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter. network b2evolution CWE-79	4.3
2021-02-09	CVE-2020-22841	Cross-site Scripting vulnerability in B2Evolution Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module. network b2evolution CWE-79	3.5
2021-02-09	CVE-2020-22840	Open Redirect vulnerability in B2Evolution Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php. network b2evolution CWE-601	5.8
2019-05-23	CVE-2016-8901	Injection vulnerability in B2Evolution 6.7.6 b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php. network low complexity b2evolution CWE-74	7.5
2018-01-02	CVE-2017-1000423	Improper Input Validation vulnerability in B2Evolution b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup. network low complexity b2evolution CWE-20	7.5
2017-01-23	CVE-2017-5553	Cross-site Scripting vulnerability in B2Evolution Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL. network b2evolution CWE-79	3.5
2017-01-23	CVE-2017-5539	Path Traversal vulnerability in B2Evolution 6.8.4 The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. network low complexity b2evolution CWE-22 critical	9.0

Vulnerabilities > B2Evolution {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"B2Evolution"}]}

Vulnerabilities > B2Evolution