b2evolution CMS Security Vulnerabilities

CVE-2020-22839

Reflected cross-site scripting (XSS) vulnerability in the evoadm.php file in b2evolution CMS version 6.11.6-stable allows remote attackers to inject arbitrary web script or HTML code via the tab3 parameter.

CVSS: 6.1

AI Score: 5.9

EPSS: 0.007

2021-02-09 08:15 PM

CVE-2021-31631

b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerability allows attackers to escalate privileges.

CVSS: 8.8

AI Score: 8.9

EPSS: 0.001

2021-12-06 10:15 PM

CVE-2021-31632

b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. This vulnerability allows attackers to execute arbitrary code via a crafted input.

CVSS: 9.8

AI Score: 9.8

EPSS: 0.002

2021-12-06 10:15 PM

CVE-2022-44036

In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is "very obviously a feature not an issue and if you don't like that feature it is very obvious how to ...

CVSS: 7.2

AI Score: 7.2

EPSS: 0.001

2023-01-03 09:15 PM