CVE-2022-30935
https://notcve.org/view.php?id=CVE-2022-30935
An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to get valid sessions for arbitrary users, and optionally reset their password. Tested and confirmed in a default installation of version 7.2.3. Earlier versions are affected, possibly earlier major versions as well. Una omisión de autorización en b2evolution permite a atacantes remotos no autenticados predecir tokens de restablecimiento de contraseña para cualquier usuario mediante el uso de una función de aleatoriedad incorrecta. • https://b2evolution.net/downloads/7-2-5-stable https://github.com/b2evolution/b2evolution/blob/master/inc/_core/_misc.funcs.php#L5955 https://github.com/b2evolution/b2evolution/issues/114 • CWE-330: Use of Insufficiently Random Values •
CVE-2021-28242 – b2evolution 7-2-2 - 'cf_name' SQL Injection
https://notcve.org/view.php?id=CVE-2021-28242
SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab. Una inyección SQL en el componente "evoadm.php" de b2evolution versión v7.2.2-stable, permite a atacantes remotos obtener información confidencial de la base de datos al inyectar comandos SQL en el parámetro "cf_name" al crear un nuevo filtro en la pestaña "Colecciones" b2evolution version 7-2-2 suffers from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/49840 http://packetstormsecurity.com/files/162489/b2evolution-7-2-2-SQL-Injection.html https://deadsh0t.medium.com/authenticated-boolean-based-blind-error-based-sql-injection-b752225f0644 https://github.com/b2evolution/b2evolution/issues/109 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-22841 – b2evolution 6.11.6 - 'plugin name' Stored XSS
https://notcve.org/view.php?id=CVE-2020-22841
Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module. Un ataque de tipo XSS almacenado en b2evolution CMS versiones 6.11.6 y anteriores, permite a un atacante llevar a cabo una ejecución de código JavaScript maliciosa por medio del campo de entrada de nombre del plugin en el módulo plugin b2evolution CMS version 6.11.6 suffers from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/49551 http://packetstormsecurity.com/files/161363/b2evolution-CMS-6.11.6-Cross-Site-Scripting.html https://github.com/b2evolution/b2evolution/issues/102 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-22840 – b2evolution CMS 6.11.6 Open Redirection
https://notcve.org/view.php?id=CVE-2020-22840
Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php. Una vulnerabilidad de redireccionamiento abierto en b2evolution CMS versiones anteriores a 6.11.6, permite a un atacante llevar a cabo redireccionamientos abiertos maliciosos hacia un recurso controlado por el atacante por medio del parámetro redirect_to en el archivo email_passthrough.php b2evolution CMS version 6.11.6 suffers from an open redirection vulnerability. • http://packetstormsecurity.com/files/161362/b2evolution-CMS-6.11.6-Open-Redirection.html https://github.com/b2evolution/b2evolution/issues/102 https://www.exploit-db.com/exploits/49554 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2016-8901
https://notcve.org/view.php?id=CVE-2016-8901
b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php. b2evolution versión 6.7.6, sufre de una vulnerabilidad de Inyección de Objeto en /htsrv/call_plugin.php. • http://www.openwall.com/lists/oss-security/2016/09/30/3 https://github.com/b2evolution/b2evolution/commit/25c21cf9cc4261324001f9039509710b37ee2c4d https://github.com/b2evolution/b2evolution/commit/999b5ad1d59760d7e450ceb541f55432fc74cd27 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •