B2evolution:  Security Vulnerabilities
In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is "very obviously a feature not an issue and if you don't like that feature it is very obvious how to disable it."
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2023-01-03
An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to get valid sessions for arbitrary users, and optionally reset their password. Tested and confirmed in a default installation of version 7.2.3. Earlier versions are affected, possibly earlier major versions as well.
CVSS Score: 9.1 | EPSS Score: 0.003 | Published: 2022-09-28
b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerability allows attackers to escalate privileges.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2021-12-06
b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. This vulnerability allows attackers to execute arbitrary code via a crafted input.
CVSS Score: 9.8 | EPSS Score: 0.006 | Published: 2021-12-06
SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab.
CVSS Score: 8.8 | EPSS Score: 0.007 | Published: 2021-04-15
Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution CMS version 6.11.6-stable allows remote attackers to inject arbitrary web script or HTML code via the tab3 parameter.
CVSS Score: 6.1 | EPSS Score: 0.01 | Published: 2021-02-09
Open redirect vulnerability in b2evolution CMS versions prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker-controlled resource via the redirect_to parameter in email_passthrough.php.
CVSS Score: 6.1 | EPSS Score: 0.293 | Published: 2021-02-09
Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module.
CVSS Score: 4.8 | EPSS Score: 0.004 | Published: 2021-02-09
b2evolution 6.7.6 suffers from an Object Injection vulnerability in /htsrv/call_plugin.php.
CVSS Score: 9.8 | EPSS Score: 0.006 | Published: 2019-05-23
b2evolution versions 6.6.0 through 6.8.10 are vulnerable to improper input validation (backslash and single-quote escaping) in the basic install functionality, allowing an unauthenticated attacker to gain PHP code execution on the victim's setup.
CVSS Score: 9.8 | EPSS Score: 0.018 | Published: 2018-01-02
Shodan ® - All rights reserved