CVE-2022-30935
https://notcve.org/view.php?id=CVE-2022-30935
An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to get valid sessions for arbitrary users, and optionally reset their password. Tested and confirmed in a default installation of version 7.2.3. Earlier versions are affected, possibly earlier major versions as well. Una omisión de autorización en b2evolution permite a atacantes remotos no autenticados predecir tokens de restablecimiento de contraseña para cualquier usuario mediante el uso de una función de aleatoriedad incorrecta. • https://b2evolution.net/downloads/7-2-5-stable https://github.com/b2evolution/b2evolution/blob/master/inc/_core/_misc.funcs.php#L5955 https://github.com/b2evolution/b2evolution/issues/114 • CWE-330: Use of Insufficiently Random Values •
CVE-2020-22841 – b2evolution 6.11.6 - 'plugin name' Stored XSS
https://notcve.org/view.php?id=CVE-2020-22841
Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module. Un ataque de tipo XSS almacenado en b2evolution CMS versiones 6.11.6 y anteriores, permite a un atacante llevar a cabo una ejecución de código JavaScript maliciosa por medio del campo de entrada de nombre del plugin en el módulo plugin b2evolution CMS version 6.11.6 suffers from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/49551 http://packetstormsecurity.com/files/161363/b2evolution-CMS-6.11.6-Cross-Site-Scripting.html https://github.com/b2evolution/b2evolution/issues/102 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-22840 – b2evolution CMS 6.11.6 Open Redirection
https://notcve.org/view.php?id=CVE-2020-22840
Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php. Una vulnerabilidad de redireccionamiento abierto en b2evolution CMS versiones anteriores a 6.11.6, permite a un atacante llevar a cabo redireccionamientos abiertos maliciosos hacia un recurso controlado por el atacante por medio del parámetro redirect_to en el archivo email_passthrough.php b2evolution CMS version 6.11.6 suffers from an open redirection vulnerability. • http://packetstormsecurity.com/files/161362/b2evolution-CMS-6.11.6-Open-Redirection.html https://github.com/b2evolution/b2evolution/issues/102 https://www.exploit-db.com/exploits/49554 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2017-1000423 – b2evolution CMS 6.8.10 PHP Code Execution
https://notcve.org/view.php?id=CVE-2017-1000423
b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup. b2evolution, de las versiones 6.6.0 a la 6.8.10, es vulnerable a la validación de entradas (escape de barra diagonal inversa y comilla simple) en la funcionalidad de instalación básica. Esto provoca que un atacante no autenticado pueda ejecutar código PHP en la instalación de la víctima. b2evolution CMS versions 6.6.0 through 6.8.10 suffer from a php code execution vulnerability. • https://github.com/b2evolution/b2evolution/commit/0096a3ebc85f6aadbda2c4427cd092a538b161d2 https://github.com/b2evolution/b2evolution/commit/b899d654d931f3bf3cfbbdd71e0d1a0f3a16d04c • CWE-20: Improper Input Validation •
CVE-2017-5539
https://notcve.org/view.php?id=CVE-2017-5539
The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ..\/ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether a file exists. El parche para el salto de directorio (CVE-2017-5480) en b2evolution versión 6.8.4-stable tiene una vulnerabilidad eludible. • http://b2evolution.net/downloads/6-8-5 http://www.securityfocus.com/bid/95700 https://github.com/b2evolution/b2evolution/commit/e35f7c195d8c1103d2d981a48cda5ab45ecac48a https://github.com/b2evolution/b2evolution/issues/36 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •