Vulnerabilities > B2Evolution > B2Evolution CMS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-03 | CVE-2022-44036 | Unrestricted Upload of File with Dangerous Type vulnerability in B2Evolution CMS 7.2.5 In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. | 7.2 |
| 2021-12-06 | CVE-2021-31631 | Cross-Site Request Forgery (CSRF) vulnerability in B2Evolution CMS 7.2.3 b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. | 6.8 |
| 2021-12-06 | CVE-2021-31632 | SQL Injection vulnerability in B2Evolution CMS 7.2.3 b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. | 7.5 |
| 2021-02-09 | CVE-2020-22839 | Cross-site Scripting vulnerability in B2Evolution CMS 6.11.6 Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter. | 4.3 |