RSS   Vulnerabilities for 'B2evolution cms'   RSS

2021-12-06
 
CVE-2021-31631

CWE-352
 
 
b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerability allows attackers to escalate privileges.

 
 
CVE-2021-31632

CWE-89
 
 
b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. This vulnerability allows attackers to execute arbitrary code via a crafted input.

 
2021-02-09
 
CVE-2020-22839

CWE-79
 
 
Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter.

 

 >>> Vendor: B2evolution 3 Products
B2evolution
Starrating plugin
B2evolution cms

Copyright 2024, cxsecurity.com

 

Back to Top