本ページは b2evolution b2evolution_cms に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2022-44036 | In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is "very obviously a feature not an issue and if you don't like that feature it is very obvious how to disable it." | [email protected] | 7.2 | 0.92% | 2023-01-03 | 2024-11-21 |
| CVE-2021-31632 | b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. This vulnerability allows attackers to execute arbitrary code via a crafted input. | [email protected] | 9.8 | 0.59% | 2021-12-06 | 2024-11-21 |
| CVE-2021-31631 | b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerability allows attackers to escalate privileges. | [email protected] | 8.8 | 0.14% | 2021-12-06 | 2024-11-21 |
| CVE-2020-22839 | Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter. | [email protected] | 6.1 | 1.04% | 2021-02-09 | 2024-11-21 |