
B2Evolution Cms vulnerabilities

4 known vulnerabilities affecting b2evolution/b2evolution_cms.

Total CVEs:         4
CISA KEV:           0
Public exploits:    1
Exploited in wild:  0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 1

Vulnerabilities

CVE ID          Priority  Severity  CVSS  PoC  Version  Date
CVE-2020-22839  P3        MEDIUM    6.1   yes  6.11.6   2021-02-09
CVE-2021-31632  P3        CRITICAL  9.8   -    7.2.3    2021-12-06
CVE-2022-44036  P3        HIGH      7.2   -    7.2.5    2023-01-03
CVE-2021-31631  P4        HIGH      8.8   -    7.2.3    2021-12-06

CVE-2020-22839 [MEDIUM] CWE-79
Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary web script or HTML code via the tab3 parameter.
Source: nvd

CVE-2021-31632 [CRITICAL] CWE-89
b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. This vulnerability allows attackers to execute arbitrary code via a crafted input.
Source: nvd

CVE-2022-44036 [HIGH] CWE-434
In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is "very obviously a feature not an issue and if you don't like that feature it is very obvious how to disable it."
Source: nvd

CVE-2021-31631 [HIGH] CWE-352
b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerability allows attackers to escalate privileges.
Source: nvd