yurabakhtin - Security Researcher - Exploit Intelligence Platform

CVE-2016-8901 WRITEUP CRITICAL WRITEUP

b2evolution 6.7.6 - Object Injection via call_plugin.php

b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php.

CVSS 9.8

View Code

CVE-2017-1000423 WRITEUP CRITICAL WRITEUP

b2evolution 6.6.0-6.8.10 - Unauthenticated Remote Code Execution via Input Validation Bypass

b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup.

CVSS 9.8

View Code

CVE-2017-5539 WRITEUP CRITICAL WRITEUP

b2evolution - Path Traversal and Arbitrary File Read via Filter Bypass

The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ..\/ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether a file exists.

CVSS 9.1

View Code

CVE-2017-5553 WRITEUP MEDIUM WRITEUP

b2evolution < 6.8.5 - Authenticated Stored Cross-Site Scripting via Markdown Plugin

Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL.

CVSS 5.4

View Code