Vulnerabilities > B2Evolution > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-28 | CVE-2022-30935 | Use of Insufficiently Random Values vulnerability in B2Evolution An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. | 9.1 |
| 2021-12-06 | CVE-2021-31632 | SQL Injection vulnerability in B2Evolution CMS 7.2.3 b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. | 9.8 |
| 2019-05-23 | CVE-2016-8901 | Injection vulnerability in B2Evolution 6.7.6 b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php. | 9.8 |
| 2018-01-02 | CVE-2017-1000423 | Improper Input Validation vulnerability in B2Evolution b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup. | 9.8 |
| 2017-01-23 | CVE-2017-5539 | Path Traversal vulnerability in B2Evolution 6.8.4 The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. | 9.1 |