Input validation
b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation backslash and single quote escape in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup...
CVE-2017-1000423
b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation backslash and single quote escape in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup...
CVE-2017-1000423
b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation backslash and single quote escape in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup...
CVE-2017-1000423
CVE-2017-1000423 affects b2evolution CMS versions 6.6.0–6.8.10. The root cause is input validation in the basic install functionality (backslash and single quote escape), allowing an unauthenticated attacker to gain PHP code execution on the victim’s setup. Multiple sources corroborate a remote P...
b2evolution File Upload Vulnerability
b2evolution is prone to an unrestricted file upload vulnerability.
b2evolution Arbitrary File Upload Vulnerability
b2evolution is a PHP and MySQL based blogging software developed by software developer Francois Planque. An arbitrary file upload vulnerability exists in b2evolution. An attacker can exploit this vulnerability to upload arbitrary files to an affected computer, resulting in arbitrary code executio...
b2evolution 6.8.8 Shell Upload
Exploit Title: Remote File Upload Vulnerability in b2evolution 6.8.8 Google Dork: no Date: 14-03-2017 Exploit Author: @runggareksya, @dvnrcy, @yokoacc Vendor Homepage: http://b2evolution.net Software Link: http://b2evolution.net/downloads/6-8-8?download=6883 Version: 6.8.8 Stable Tested on: Windo...
b2evolution 6.8.8 Shell Upload Vulnerability
b2evolution version 6.8.8 Stable suffers from a remote shell upload vulnerability. Exploit Title: Remote File Upload Vulnerability in b2evolution 6.8.8 Google Dork: no Date: 14-03-2017 Exploit Author: @runggareksya, @dvnrcy, @yokoacc Vendor Homepage: http://b2evolution.net Software Link:...
b2evolution directory traversal vulnerability (CNVD-2017-01294)
b2evolution is a PHP and MySQL based blogging software developed by software developer Francois Planque. b2evolution suffers from a directory traversal vulnerability that stems from an incomplete patch for the directory traversal vulnerability CVE-2017-5480. An attacker via ../ can bypass...
b2evolution cross-site scripting vulnerability (CNVD-2017-01089)
b2evolution is a PHP and MySQL based blogging software developed by software developer Francois Planque. A cross-site scripting vulnerability exists in b2evolution due to a failure of the program to properly validate user input. An attacker could use this vulnerability to execute arbitrary script...
b2evolution Multiple Vulnerabilities
b2evolution is prone to multiple vulnerabilities.
Directory traversal
The patch for directory traversal CVE-2017-5480 in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ../ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether...
Cross site scripting
Cross-site scripting (XSS) vulnerability in plugins/markdownplugin/markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL...
CVE-2017-5539
The patch for directory traversal CVE-2017-5480 in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ../ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether...
CVE-2017-5553
Cross-site scripting (XSS) vulnerability in plugins/markdownplugin/markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL...
CVE-2017-5539
CVE-2017-5539 relates to a bypass of the directory-traversal patch for b2evolution 6.8.4-stable, allowing an attacker to use ../ to bypass filters and read/delete arbitrary server files or check file existence. Affected product: b2evolution (PHP/MySQL blogging software). Root cause: incomplete fi...