38 matches found
b2evolution CMS Cross-Site Request Forgery Vulnerability
b2evolution CMS is an open-source content management system by the b2evolution Group. Version 7.2.2 of b2evolution CMS has a cross-site request forgery vulnerability. This vulnerability stems from cross-site request forgery attacks, which may allow unauthorized users to modify administrator accoun...
CVE-2021-31631
b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerability allows attackers to escalate privileges...
EUVD-2021-18520
Malware in sbrugna...
EUVD-2020-15596
Malware in sbrugna...
EUVD-2020-15598
Malware in sbrugna...
CVE-2021-31632
b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. This vulnerability allows attackers to execute arbitrary code via a crafted input...
CVE-2020-22841
Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module...
CVE-2020-22839
Reflected cross-site scripting (XSS) vulnerability in the evoadm.php file in b2evolution CMS version 6.11.6-stable allows remote attackers to inject arbitrary web script or HTML code via the tab3 parameter...
CVE-2020-22840
Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirectto parameter in emailpassthrough.php...
Cross-site request forgery (CSRF)
b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerability allows attackers to escalate privileges...
SQL injection
b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. This vulnerability allows attackers to execute arbitrary code via a crafted input...
CVE-2021-31632
Affected software: b2evolution CMS v7.2.3. Vulnerability: SQL injection via the cfqueryparam parameter in the User login section. Root cause / nature: input crafting leads to injection and potential arbitrary code execution. Impact: high (per CVSS measures) with potential code execution; exact ex...
b2evolution SQL Injection Vulnerability
b2evolution is a community content management system based on PHP and MySQL. A security vulnerability exists in b2evolution CMS v7.2.3, which can be exploited by an attacker to execute arbitrary code via the parameter cfqueryparam in the user login section...
b2evolution 7-2-2 - (cf_name) SQL Injection Exploit
Exploit Title: b2evolution 7-2-2 - 'cfname' SQL Injection Author: @nu11secur1ty Vendor: https://b2evolution.net/ Link: https://b2evolution.net/downloads/7-2-2 CVE: CVE-2021-28242 Proof: https://streamable.com/x51kso + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty CVE-2021-28242 from...
b2evolution CMS 6.11.6 Open Redirection
Exploit Title: Open redirect in b2evolution CMS 6.11.6 redirectto parameter in emailpassthrough.php Google Dork: N/A Date: 10/02/2021 Exploit Author: Soham Bakore, Nakul Ratti Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405...
b2evolution CMS 6.11.6 Cross Site Scripting
Exploit Title: Reflected XSS in b2evolution CMS 6.11.6 via tab3 parameter in evoadm.php CVE : CVE-2020-22839 Date: 10/02/2021 Exploit Author: Nakul Ratti, Soham Bakore Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405 Version:...