yurabakhtin

4 exploits. Active since Jan 2017.
CVE-2016-8901 CRITICAL WRITEUP
b2evolution 6.7.6 - Code Injection
b2evolution 6.7.6 suffers from an Object Injection vulnerability in /htsrv/call_plugin.php.
CVSS 9.8
CVE-2017-1000423 CRITICAL WRITEUP
b2evolution <6.8.10 - RCE
b2evolution versions 6.6.0 - 6.8.10 are vulnerable to improper input validation (backslash and single quote escaping) in the basic install functionality, which lets an unauthenticated attacker gain PHP code execution on the victim's setup.
CVSS 9.8
CVE-2017-5539 CRITICAL WRITEUP
b2evolution - Path Traversal
The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ..\/ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether a file exists.
CVSS 9.1
CVE-2017-5553 MEDIUM WRITEUP
b2evolution < 6.8.4 - XSS
Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL.
CVSS 5.4