EUVD-2007-0179

Malware in sbrugna...

Design/Logic Flaw

b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/callplugin.php...

CVE-2016-8901

b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/callplugin.php...

CVE-2016-8901

CVE-2016-8901 affects b2evolution 6.7.6 with an Object Injection vulnerability in /htsrv/call_plugin.php. CVSS3 base score 9.8 (CRITICAL) indicates high-impact, network-exposed, no authentication, and potential for full system compromise; however exploitation details are not provided in the conne...

CVE-2012-5910

SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirectto parameter...

CVE-2007-0175

CVE-2007-0175 describes an XSS vulnerability in b2evolution 1.8.6, where the htsrv/login.php script accepts scriptable attributes in the redirect_to parameter to inject arbitrary HTML/JS. Connected records corroborate remote cross-site scripting due to insufficient input sanitising. Debian/DSA-15...