B2evolution » B2evolution : Security Vulnerabilities, CVEs, (Directory traversal) CVSS score >= 6
The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ..\/ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether a file exists.
Max CVSS
9.1
EPSS Score
0.13%
Published
2017-01-23
Updated
2019-10-03
Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter.
Max CVSS
8.1
EPSS Score
0.18%
Published
2017-01-15
Updated
2017-01-18
Directory traversal vulnerability in blogs/index.php in b2evolution 1.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the core_subdir parameter.
Max CVSS
7.5
EPSS Score
0.75%
Published
2007-05-15
Updated
2018-10-16
3 vulnerabilities found