Vulnerabilities > B2Evolution > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-01-03 | CVE-2022-44036 | Unrestricted Upload of File with Dangerous Type vulnerability in B2Evolution CMS 7.2.5 | In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. | 7.2 |
2021-12-06 | CVE-2021-31631 | Cross-Site Request Forgery (CSRF) vulnerability in B2Evolution CMS 7.2.3 | b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. | 8.8 |
2021-04-15 | CVE-2021-28242 | SQL Injection vulnerability in B2Evolution 7.2.2 | SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab. | 8.8 |
2017-01-15 | CVE-2017-5480 | Path Traversal vulnerability in B2Evolution | Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. | 8.1 |
2016-12-02 | CVE-2016-9479 | Credentials Management vulnerability in B2Evolution | The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request. | 7.5 |