DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-01-03 | CVE-2022-44036 | Unrestricted Upload of File with Dangerous Type vulnerability in B2Evolution CMS 7.2.5 | In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. | 7.2 |
2021-12-06 | CVE-2021-31632 | SQL Injection vulnerability in B2Evolution CMS 7.2.3 | b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. | 7.5 |
2019-05-23 | CVE-2016-8901 | Injection vulnerability in B2Evolution 6.7.6 | b2evolution 6.7.6 suffers from an Object Injection vulnerability in /htsrv/call_plugin.php. | 7.5 |
2018-01-02 | CVE-2017-1000423 | Improper Input Validation vulnerability in B2Evolution | b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup. | 7.5 |
2009-05-18 | CVE-2009-1657 | SQL Injection vulnerability in B2Evolution Starrating Plugin 0.6/0.7/0.7.5 | Multiple SQL injection vulnerabilities in the Starrating plugin before 0.7.7 for b2evolution allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2007-05-15 | CVE-2007-2681 | File-Upload vulnerability in B2Evolution 1.6 | Directory traversal vulnerability in blogs/index.php in b2evolution 1.6 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2006-12-10 | CVE-2006-6417 | Remote File Include vulnerability in B2Evolution 1.8.5/1.9/1.9Beta | PHP remote file inclusion vulnerability in inc/CONTROL/import/import-mt.php in b2evolution 1.8.5 through 1.9 beta allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter. | 7.5 |