
270 matches found

Positive Technologies
added 2022/09/28 12:0 a.m. · 2 views

PT-2022-20394 · Unknown · B2Evolution

Name of the Vulnerable Software and Affected Versions: b2evolution versions prior to 7.2.3 Description: An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the...

CVSS 9.1 · AI score 9.4 · EPSS 0.01507
Exploits 0 · References 7
CNVD
added 2021/12/08 12:0 a.m. · 7 views

b2evolution Code Execution Vulnerability

b2evolution is a community content management system based on PHP and MySQL. A security vulnerability exists in b2evolution CMS v7.2.3, which can be exploited by an attacker to execute arbitrary code via the parameter cfqueryparam in the user login section...

CVSS 9.8 · AI score 7.8 · EPSS 0.00621
Exploits 1 · References 1
CNVD
added 2021/12/08 12:0 a.m. · 19 views

b2evolution cross-site request forgery vulnerability

b2evolution is a PHP and MySQL-based community content management system. b2evolution CMS v7.2.3 is vulnerable due to a cross-site request forgery CSRF contained in the user login page. An attacker could exploit this vulnerability to elevate privileges...

CVSS 8.8 · AI score 3.4 · EPSS 0.00141
Exploits 1 · References 1
Veracode
added 2021/12/07 3:51 a.m. · 18 views

SQL Injection

b2evolution is vulnerable to SQL injection. An attacker can inject and execute malicious input through the user input parameters in the user registration section of register.php...

CVSS 9.8 · AI score 5.2 · EPSS 0.00621
Exploits 1 · References 1 · Affected Software 1
NVD
added 2021/12/06 10:15 p.m. · 12 views

CVE-2021-31632

b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. This vulnerability allows attackers to execute arbitrary code via a crafted input...

CVSS 9.8 · EPSS 0.00621
Exploits 1 · References 1
OSV
added 2021/12/06 10:15 p.m. · 15 views

CVE-2021-31632

b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. This vulnerability allows attackers to execute arbitrary code via a crafted input...

CVSS 9.8 · AI score 8.8
Exploits 0 · References 1
Prion
added 2021/12/06 10:15 p.m. · 9 views

Cross site request forgery (csrf)

b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery CSRF via the User login page. This vulnerability allows attackers to escalate privileges...

CVSS 6.8 · AI score 8.9 · EPSS 0.00141
Exploits 1 · References 1 · Affected Software 1
Prion
added 2021/12/06 10:15 p.m. · 13 views

Sql injection

b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. This vulnerability allows attackers to execute arbitrary code via a crafted input...

CVSS 7.5 · AI score 9.7 · EPSS 0.00621
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2021/12/06 9:3 p.m. · 12 views

CVE-2021-31632

b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. This vulnerability allows attackers to execute arbitrary code via a crafted input...

AI score 9.9 · EPSS 0.00621
Exploits 1 · References 1
CVE
added 2021/12/06 9:3 p.m. · 54 views

CVE-2021-31632

Affected software: b2evolution CMS v7.2.3. Vulnerability: SQL injection via the cfqueryparam parameter in the User login section. Root cause / nature: input crafting leads to injection and potential arbitrary code execution. Impact: high (per CVSS measures) with potential code execution; exact ex...

CVSS 9.8 · AI score 9.8 · EPSS 0.00621
Exploits 1 · References 1 · Affected Software 1
CVE
added 2021/12/06 9:3 p.m. · 52 views

CVE-2021-31631

CVE-2021-31631 affects b2evolution CMS v7.2.3, where a Cross-Site Request Forgery (CSRF) on the user login page can be leveraged to elevate privileges. The Red Hat, CNVD, OSV and other connected records corroborate the same description and identify the affected product and vulnerability class, wi...

CVSS 8.8 · AI score 8.9 · EPSS 0.00141
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2021/12/06 12:0 a.m. · 2 views

b2evolution Cross-Site Request Forgery Vulnerability

b2evolution is a PHP and MySQL-based community content management system. b2evolution CMS v7.2.3 is vulnerable due to a cross-site request forgery CSRF contained in the user login page. An attacker could exploit this vulnerability to elevate privileges...

CVSS 8.8 · AI score 5.5 · EPSS 0.00141
Exploits 1 · References 2
CNNVD
added 2021/12/06 12:0 a.m. · 1 views

b2evolution SQL Injection Vulnerability

b2evolution is a community content management system based on PHP and MySQL. A security vulnerability exists in b2evolution CMS v7.2.3, which can be exploited by an attacker to execute arbitrary code via the parameter cfqueryparam in the user login section...

CVSS 9.8 · AI score 6.2 · EPSS 0.00621
Exploits 1 · References 2
Packet Storm
added 2021/07/02 12:0 a.m. · 278 views

b2evolution 7.2.2 Cross Site Request Forgery

Exploit Title: b2evolution 7.2.2 - 'edit account details' Cross-Site Request Forgery CSRF Exploit Author: Alperen Ergel @alpernae Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/7-2-2 Version : 7.2.2 Tested on: Kali Linux Category: WebApp Description...

AI score 0.5
Exploits 0
Exploit DB
added 2021/07/02 12:0 a.m. · 314 views

b2evolution 7.2.2 - 'edit account details' Cross-Site Request Forgery (CSRF)

Exploit Title: b2evolution 7.2.2 - 'edit account details' Cross-Site Request Forgery CSRF Exploit Author: Alperen Ergel @alpernae Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/7-2-2 Version : 7.2.2 Tested on: Kali Linux Category: WebApp Description...

AI score 7.4
Exploits 0
0day.today
added 2021/07/02 12:0 a.m. · 137 views

b2evolution 7.2.2 - (edit account details) Cross-Site Request Forgery Vulnerability

Exploit Title: b2evolution 7.2.2 - 'edit account details' Cross-Site Request Forgery CSRF Exploit Author: Alperen Ergel @alpernae Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/7-2-2 Version : 7.2.2 Tested on: Kali Linux Category: WebApp Description...

AI score 0.6
Exploits 0
CNVD
added 2021/05/08 12:0 a.m. · 7 views

b2evolution Command Injection Vulnerability

b2evolution is a community content management system based on PHP and MySQL. A command injection vulnerability exists in b2evolution v7.2.2-stable, which can be exploited by a remote attacker to obtain sensitive database information by injecting SQL commands into the "cf name" parameter when...

CVSS 8.8 · AI score 7.6 · EPSS 0.00467
Exploits 4 · References 1
0day.today
added 2021/05/06 12:0 a.m. · 66 views

b2evolution 7-2-2 - (cf_name) SQL Injection Exploit

Exploit Title: b2evolution 7-2-2 - 'cfname' SQL Injection Author: @nu11secur1ty Vendor: https://b2evolution.net/ Link: https://b2evolution.net/downloads/7-2-2 CVE: CVE-2021-28242 Proof: https://streamable.com/x51kso + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty CVE-2021-28242 from...

CVSS 8.8 · AI score 8.8 · EPSS 0.00467
Exploits 4
Packet Storm
added 2021/05/06 12:0 a.m. · 202 views

b2evolution 7-2-2 SQL Injection

Exploit Title: b2evolution 7-2-2 obtaining sensitive database information by injecting SQL commands into the "cfname" parameter Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Date: 05.06.2021 Vendor: https://b2evolution.net/ Link: https://b2evolution.net/downloads/7-2-2 CVE:...

CVSS 6.5 · AI score 8.8 · EPSS 0.00467
Exploits 4
Exploit DB
added 2021/05/06 12:0 a.m. · 252 views

b2evolution 7-2-2 - 'cf_name' SQL Injection

Exploit Title: b2evolution 7-2-2 - 'cfname' SQL Injection Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Date: 05.06.2021 Vendor: https://b2evolution.net/ Link: https://b2evolution.net/downloads/7-2-2 CVE: CVE-2021-28242 Proof: https://streamable.com/x51kso + Exploit Source:...

CVSS 8.8 · AI score 8.8 · EPSS 0.00467
Exploits 4