Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

CMS

b2evolution

b2evolution is an advanced weblog tool i-e software allowing you to run your own blogs newsfeeds or even photo stream. b2evolution is a medium scale CMS centered around the Blog concept fully featured with multiple blogs content/presentation separation full user management full internationalization (i18n) workflow management... and extending towards features normally provided by Wikis Trac

Official Site:

http://b2evolution.net/

Severity Summary:

Critical: 4 High: 6 Medium: 14
Reference
Title
Severity
CVE-2016-8901
b2evolution Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Critical
CVE-2017-1000423
b2evolution Improper Input Validation Vulnerability
Critical
CVE-2022-30935
b2evolution Use of Insufficiently Random Values Vulnerability
Critical
CVE-2017-5539
b2evolution Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Critical
CVE-2021-28242
b2evolution Improper Neutralization of Special Elements used in a Command (Command Injection) Vulnerability
High
CVE-2017-5480
b2evolution Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2016-9479
b2evolution Credentials Management Errors Vulnerability
High
CVE-2006-6417
b2evolution Other Vulnerability
High
CVE-2007-2358
b2evolution Other Vulnerability
High
CVE-2007-2681
b2evolution Other Vulnerability
High
CVE-2012-5910
b2evolution Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Medium
CVE-2006-6197
b2evolution Other Vulnerability
Medium
CVE-2007-0175
b2evolution Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2011-3709
b2evolution Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2013-2945
b2evolution Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Medium
CVE-2012-5911
b2evolution Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2016-7150
b2evolution Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2017-5553
b2evolution Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2014-9599
b2evolution Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-22840
b2evolution URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Medium
CVE-2020-22841
b2evolution Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2017-5494
b2evolution Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2016-7149
b2evolution Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2013-7352
b2evolution Cross-Site Request Forgery (CSRF) Vulnerability
Medium