Vulnerabilities > B2Evolution > B2Evolution CMS

DATE CVE VULNERABILITY TITLE RISK
2021-12-06 CVE-2021-31632 SQL Injection vulnerability in B2Evolution CMS 7.2.3
b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section.
network
low complexity
b2evolution CWE-89
7.5
2021-12-06 CVE-2021-31631 Cross-Site Request Forgery (CSRF) vulnerability in B2Evolution CMS 7.2.3
b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page.
6.8
2021-02-09 CVE-2020-22839 Cross-site Scripting vulnerability in B2Evolution CMS 6.11.6
Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter.
4.3