4 matches found
CVE-2020-22839
CVE-2020-22839 affects b2evolution CMS 6.11.6-stable, specifically the evoadm.php file. The vulnerability is a reflected XSS via the tab3 parameter, enabling injection of arbitrary web script/HTML. Public PoCs exist (Exploit-DB and PacketStorm) demonstrating the tab3 XSS. Exploitation status in p...
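An added check for the class of bug described above (a reflected parameter that reaches the page unescaped). This is example code written for this page, not a PoC from Exploit-DB, PacketStorm or the b2evolution project; the URL, the second parameter name `ctrl`, and the canned HTML responses are constructed stand-ins for an HTTP client and server so the script runs offline. The canary deliberately carries `<`, `"` and `>` so that a response which reflects the marker but neutralises those characters is reported as "encoded" rather than "raw".

```python
import html
from urllib.parse import parse_qs, urlencode, urlsplit

# Canary: unique alphanumeric markers around HTML metacharacters. If the
# response contains it verbatim, the parameter is reflected unescaped.
CANARY = 'x7qk<">zqk'
MARKER = "x7qk"  # survives escaping/filtering, proves the value was echoed


def build_probe_url(base_url, param, canary=CANARY):
    """Return base_url with ?param=canary, keeping any existing query params."""
    parts = urlsplit(base_url)
    query = parse_qs(parts.query, keep_blank_values=True)
    query[param] = [canary]
    return parts._replace(query=urlencode(query, doseq=True)).geturl()


def classify_reflection(body, canary=CANARY, marker=MARKER):
    """'raw'     : canary reflected with its metacharacters intact (XSS sink)
       'encoded' : value echoed, but '<', '"' or '>' were escaped/stripped
       'none'    : value not reflected at all"""
    if canary in body:
        return "raw"
    if marker in body:
        return "encoded"
    return "none"


def scan(base_url, params, fetch):
    """Probe each parameter once; fetch(url) returns the response body."""
    return {p: classify_reflection(fetch(build_probe_url(base_url, p))) for p in params}


# --- constructed responses standing in for a real server (not real output) ---
VULN_RESPONSE = '<div id="tab3">Unknown tab: x7qk<">zqk</div>'
SAFE_RESPONSE = '<div id="ctrl">Unknown ctrl: ' + html.escape(CANARY, quote=True) + '</div>'


def fake_fetch(url):
    """Offline stand-in for an HTTP GET: echoes tab3 raw, ctrl escaped."""
    query = parse_qs(urlsplit(url).query)
    if "tab3" in query:
        return VULN_RESPONSE
    if "ctrl" in query:
        return SAFE_RESPONSE
    return "<html><body>nothing echoed</body></html>"


if __name__ == "__main__":
    # Assumed target path; only the parameter name tab3 comes from the advisory.
    for param, verdict in scan("http://host/evoadm.php", ["tab3", "ctrl", "blog"], fake_fetch).items():
        print(f"{param}: {verdict}")
```

Against a live target, replace `fake_fetch` with a real client and treat only "raw" as a finding; "encoded" means the value is reflected but the server escaped it, which is the behaviour a fix should produce.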
CVE-2022-44036
CVE-2022-44036 affects b2evolution 7.2.5. When the "admins_can_manipulate_sensitive_files" option is enabled, admins can upload arbitrary files, which can lead to command execution. The vendor treats this as intended behaviour and recommends disabling the option as the mitigation. No explicit patch...
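Because the vendor's mitigation is a configuration change rather than a patch, the practical check is whether the option is effectively disabled. The following is an added audit helper written for this page, not vendor code: it assumes the setting is a PHP boolean assignment of the form `$admins_can_manipulate_sensitive_files = true;` in a config file (conf/_advanced.php is an assumption about the file location; the option name comes from the advisory). The sample config texts are constructed, and the helper treats the last uncommented assignment as the effective value.

```python
import re

SETTING = "admins_can_manipulate_sensitive_files"

# Matches an uncommented PHP assignment at the start of a line, e.g.
#   $admins_can_manipulate_sensitive_files = true;
# Lines commented out with // or # do not start with '$' and are skipped.
_ASSIGNMENT = re.compile(r"^[ \t]*\$" + re.escape(SETTING) + r"[ \t]*=[ \t]*(true|false)[ \t]*;",
                         re.IGNORECASE | re.MULTILINE)


def sensitive_file_edits_enabled(conf_text):
    """Effective value of the option in conf_text: True, False, or None if unset.
    Later assignments override earlier ones, as they would when PHP runs the file."""
    values = _ASSIGNMENT.findall(conf_text)
    if not values:
        return None
    return values[-1].lower() == "true"


def audit(conf_text):
    """Return a one-word verdict suitable for a config audit report."""
    enabled = sensitive_file_edits_enabled(conf_text)
    if enabled is None:
        return "unset"       # falls back to whatever the shipped default is
    return "risky" if enabled else "mitigated"


# --- constructed config excerpts (assumed format; not copied from the product) ---
RISKY_CONF = "<?php\n$admins_can_manipulate_sensitive_files = true;\n"
SAFE_CONF = "<?php\n$admins_can_manipulate_sensitive_files = false;\n"
# Commented-out enable line followed by an explicit disable: must read as mitigated.
COMMENTED_CONF = ("<?php\n"
                  "// $admins_can_manipulate_sensitive_files = true;\n"
                  "$admins_can_manipulate_sensitive_files = false;\n")
# Enable overrides an earlier disable: must read as risky.
OVERRIDDEN_CONF = SAFE_CONF + "$admins_can_manipulate_sensitive_files = TRUE;\n"

if __name__ == "__main__":
    for name, text in [("risky", RISKY_CONF), ("safe", SAFE_CONF),
                       ("commented", COMMENTED_CONF), ("overridden", OVERRIDDEN_CONF)]:
        print(f"{name}: {audit(text)}")
```

An "unset" verdict is not a pass: it means the file relies on the shipped default, which should be confirmed against the installed version rather than assumed.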
CVE-2021-31632
Affected software: b2evolution CMS v7.2.3. Vulnerability: SQL injection via the cfqueryparam parameter in the user login section. Nature: crafted input in that parameter is injected into a database query, which can lead to arbitrary code execution. Impact: high (per CVSS) with potential code execution; exact ex...
CVE-2021-31631
CVE-2021-31631 affects b2evolution CMS v7.2.3, where a Cross-Site Request Forgery (CSRF) on the user login page can be leveraged to elevate privileges. The Red Hat, CNVD, OSV and other connected records corroborate the same description and identify the affected product and vulnerability class, wi...