
Cafelog B2 vulnerabilities

5 known vulnerabilities affecting cafelog/b2.

Total CVEs: 5
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 2

Vulnerabilities

CVE-2007-2290 | P3 | HIGH | CVSS 7.5 | PoC | v0.6.1 | 2007-04-26
Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.php, (2) b2categories.php, or (3) b2mail.php. NOTE: this may overlap CVE-2002-1466.
nvd
CVE-2002-1466 | P3 | CRITICAL | CVSS 10.0 | v2.06pre4 | 2003-04-22
CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable.
nvd
CVE-2002-1465 | P4 | HIGH | CVSS 7.5 | ≤ 0.6pre2 | 2003-04-22
SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote attackers to execute arbitrary SQL code via the tablehosts variable.
nvd
CVE-2022-23653 | P4 | MEDIUM | ≥ 0, < 3.2.1 | 2022-02-24
CWE-367. B2 Command Line Tool TOCTOU application key disclosure. Impact: Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use (TOCTOU) race condition. The command line tool saves API keys (and bucket name-to-id mapping) in a local database file (`$XDG_CON
ghsa, osv
CVE-2002-1464 | P4 | MEDIUM | CVSS 6.8 | v2.6pre4 | 2003-04-22
Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool allows remote attackers to insert arbitrary HTML or script via the GPC variable.
nvd