Known Vulnerabilities for products from B2evolution
Listed below are 20 of the newest known vulnerabilities associated with the vendor "B2evolution".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data), as well as a keyword search, so that the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-44036 | ** DISPUTED ** In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allow... | 7.2 - HIGH | 2023-01-03 | 2023-11-07 |
| CVE-2022-30935 | An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user... | 9.1 - CRITICAL | 2022-09-28 | 2022-09-30 |
| CVE-2021-31632 | b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User log... | 9.8 - CRITICAL | 2021-12-06 | 2021-12-07 |
| CVE-2021-31631 | b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerabil... | 8.8 - HIGH | 2021-12-06 | 2021-12-07 |
| CVE-2021-28242 | SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database... | 8.8 - HIGH | 2021-04-15 | 2022-05-03 |
| CVE-2020-22841 | Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via ... | 4.8 - MEDIUM | 2021-02-09 | 2021-02-17 |
| CVE-2020-22840 | Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects... | 6.1 - MEDIUM | 2021-02-09 | 2021-02-17 |
| CVE-2020-22839 | Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows rem... | 6.1 - MEDIUM | 2021-02-09 | 2021-02-12 |
| CVE-2017-1000423 | b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install fun... | 9.8 - CRITICAL | 2018-01-02 | 2018-01-17 |
| CVE-2017-5553 | Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows r... | 5.4 - MEDIUM | 2017-01-23 | 2017-01-26 |
| CVE-2017-5539 | The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker... | 9.1 - CRITICAL | 2017-01-23 | 2019-10-03 |
| CVE-2017-5494 | Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authent... | 5.4 - MEDIUM | 2017-01-15 | 2017-01-27 |
| CVE-2017-5480 | Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users ... | 8.1 - HIGH | 2017-01-15 | 2017-01-18 |
| CVE-2016-9479 | The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a... | 7.5 - HIGH | 2016-12-02 | 2017-07-28 |
| CVE-2016-8901 | b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php. | 9.8 - CRITICAL | 2019-05-23 | 2019-05-28 |
| CVE-2016-7150 | Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitra... | 5.4 - MEDIUM | 2017-01-18 | 2017-01-23 |
| CVE-2016-7149 | Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web scr... | 6.1 - MEDIUM | 2017-01-18 | 2017-01-23 |
| CVE-2014-9599 | Cross-site scripting (XSS) vulnerability in the filemanager in b2evolution before 5.2.1 allows remote attackers to inject arb... | 4.3 - MEDIUM | 2015-01-16 | 2017-09-08 |
| CVE-2013-7352 | Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hij... | 6.8 - MEDIUM | 2014-04-02 | 2014-04-03 |
| CVE-2013-2945 | SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to exec... | 6.5 - MEDIUM | 2014-04-02 | 2017-08-29 |
Known software with vulnerabilities from B2evolution
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | B2evolution | B2evolution | 4.1.0 |
| Application | B2evolution | B2evolution Cms | 5.1.2 |