270 matches found
b2evolution < 7.2.3 SQL Injection Vulnerability
b2evolution is prone to an SQL injection vulnerability. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you c...
CVE-2021-28242
SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab...
SQL injection
SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab...
CVE-2021-28242
This CVE affects b2evolution v7.2.2-stable, specifically the evoadm.php component. The vulnerability is SQL Injection in the cf_name parameter when creating a new filter under the Collections tab, enabling remote attackers to obtain sensitive database information. Exploitation materials exist in ...
b2evolution SQL Injection Vulnerability
b2evolution is a community content management system based on PHP and MySQL. A command injection vulnerability exists in b2evolution v7.2.2-stable, which can be exploited by a remote attacker to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when...
B2evolution Cross-Site Scripting Vulnerability (CNVD-2021-100271)
B2evolution is a PHP and MySQL-based community content management system. B2evolution cross-site scripting vulnerability can be exploited by attackers to execute malicious JavaScript code via the plugin name input field in the plugin module...
b2evolution 6.11.6 - 'tab3' Reflected XSS
Exploit Title: b2evolution 6.11.6 - 'tab3' Reflected XSS CVE: CVE-2020-22839 Date: 10/02/2021 Exploit Author: Nakul Ratti, Soham Bakore Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405 Version: 6.11.6 Tested on: latest version...
b2evolution < 6.11.7 Multiple Vulnerabilities
b2evolution is prone to multiple vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
b2evolution 6.11.6 - 'redirect_to' Open Redirect
Exploit Title: b2evolution 6.11.6 - 'redirect_to' Open Redirect Date: 10/02/2021 Exploit Author: Soham Bakore, Nakul Ratti Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405 Version: 6.11.6 Tested on: latest version of Chrome,...
b2evolution 6.11.6 - 'plugin name' Stored XSS
Exploit Title: b2evolution 6.11.6 - 'plugin name' Stored XSS Date: 09/02/2021 Exploit Author: Soham Bakore, Nakul Ratti Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405 Version: 6.11.6 Tested on: latest version of Chrome,...
b2evolution CMS 6.11.6 Cross Site Scripting
Exploit Title: Reflected XSS in b2evolution CMS 6.11.6 via tab3 parameter in evoadm.php CVE : CVE-2020-22839 Date: 10/02/2021 Exploit Author: Nakul Ratti, Soham Bakore Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405 Version:...
b2evolution CMS 6.11.6 Open Redirection
Exploit Title: Open redirect in b2evolution CMS 6.11.6 redirect_to parameter in emailpassthrough.php Google Dork: N/A Date: 10/02/2021 Exploit Author: Soham Bakore, Nakul Ratti Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405...
CVE-2020-22839
Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter...
CVE-2020-22839
CVE-2020-22839 affects b2evolution CMS 6.11.6-stable, specifically the evoadm.php file. The vulnerability is a reflected XSS via the tab3 parameter, enabling injection of arbitrary web script/HTML. Public PoCs exist (Exploit-DB and PacketStorm) demonstrating the tab3 XSS. Exploitation status in p...
CVE-2020-22841
Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module...
CVE-2020-22840
Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in emailpassthrough.php...