CVE-2020-22840

Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirectto parameter in emailpassthrough.php...

Open redirect

Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirectto parameter in emailpassthrough.php...

Cross site scripting

Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module...

CVE-2020-22841

Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module...

CVE-2020-22841

CVE-2020-22841 concerns a Stored XSS vulnerability in b2evolution CMS versions up to and including 6.11.6 . The flaw arises in the plugin module’s plugin name input field , where malicious JavaScript can be stored and later executed by other users. Public references document this as a stored XSS ...

CVE-2020-22840

CVE-2020-22840 affects b2evolution CMS prior to 6.11.6. It is an open redirect in email_passthrough.php via the redirect_to parameter, enabling redirects to attacker-controlled sites. Reported impact includes phishing and data exposure risks; PoCs exist (e.g., exploit-db 49554) and public templat...

CVE-2020-22840

Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirectto parameter in emailpassthrough.php...

B2evolution Cms Cross-Site Scripting Vulnerability

b2evolution is a community content management system based on PHP and MySQL. A cross-site scripting vulnerability exists in B2evolution Cms, which stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-side...

b2evolution Input Validation Error Vulnerability

b2evolution is a community content management system based on PHP and MySQL. An input validation error vulnerability exists in B2evolution Cms, which arises from a network system or product that does not properly validate input data...

b2evolution 跨站脚本漏洞

B2evolution is a PHP and MySQL-based community content management system. B2evolution cross-site scripting vulnerability can be exploited by attackers to execute malicious JavaScript code via the plugin name input field in the plugin module...

File Upload Vulnerability in b2evolution Blog System

b2evolution is a PHP MySQL development , mature , excellent Blog engine . It contains a Blog tool should have all the features . b2evolution blog system file upload vulnerability , an attacker can exploit the vulnerability to upload arbitrary files , to obtain server privileges...

Design/Logic Flaw

b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/callplugin.php...

CVE-2016-8901

b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/callplugin.php...

CVE-2016-8901

b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/callplugin.php...

CVE-2016-8901

b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/callplugin.php...

CVE-2016-8901

CVE-2016-8901 affects b2evolution 6.7.6 with an Object Injection vulnerability in /htsrv/call_plugin.php. CVSS3 base score 9.8 (CRITICAL) indicates high-impact, network-exposed, no authentication, and potential for full system compromise; however exploitation details are not provided in the conne...

b2evolution Remote PHP Code Execution Vulnerability

b2evolution is prone to a remote PHP code execution vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

b2evolution CMS 6.8.10 PHP Code Execution

b2evolution CMS 6.6.0 - 6.8.10 PHP code execution Information =========== Name: b2evolution CMS 6.8.10 Software: b2evolution CMS Homepage: http://b2evolution.net/ Vulnerability: PHP code execution Prerequisites: publicly accessible /install functionality CVE: CVE-2017-1000423 Credit: Anti RA$?is...

b2evolution PHP Code Execution Vulnerability

b2evolution is a PHP and MySQL based blogging software developed by software developer Francois Planque. A PHP code execution vulnerability exists in the basic installation functionality of b2evolution versions 6.6.0 through 6.8.10. An attacker can exploit this vulnerability to execute PHP code...

b2evolution CMS 6.8.10 PHP Code Execution Vulnerability

Exploit for php platform in category web applications b2evolution CMS 6.6.0 - 6.8.10 PHP code execution Information =========== Name: b2evolution CMS 6.8.10 Software: b2evolution CMS Homepage: http://b2evolution.net/ Vulnerability: PHP code execution Prerequisites: publicly accessible /install...