B2evolution CVEs and Security Vulnerabilities - OpenCVE

Filtered by vendor B2evolution Subscriptions

Filtered by product B2evolution Subscriptions

Search

Switch to Advanced Search (Beta)

Total 25 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-28242	1 B2evolution	1 B2evolution	2024-11-21	8.8 High
SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab.
CVE-2020-22841	1 B2evolution	1 B2evolution	2024-11-21	4.8 Medium
Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module.
CVE-2020-22840	1 B2evolution	1 B2evolution	2024-11-21	6.1 Medium
Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php.
CVE-2017-1000423	1 B2evolution	1 B2evolution	2024-11-21	N/A
b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup.
CVE-2016-8901	1 B2evolution	1 B2evolution	2024-11-21	N/A
b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php.

« first previous Page 2 of 2.