Vulnerability Description
b2evolution versions 6.6.0 through 6.8.10 are vulnerable to improper input validation (missing escaping of backslash and single-quote characters) in the basic install functionality, allowing an unauthenticated attacker to gain PHP code execution on the victim's installation.
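The description above states that the installer fails to escape backslashes and single quotes in submitted input and that this ends in PHP code execution. The block below is an added illustration of that bug class, not b2evolution's own code: a hypothetical installer routine writes a submitted value into a generated PHP config file as a single-quoted string literal, shown in a vulnerable form, with an incomplete quote-only escape, and hardened with var_export(). The function names, the config layout and the payloads are constructed for this example.

```php
<?php
// Added illustration of the bug class: installer input written into a
// generated PHP config file as a string literal without escaping ' and \.
// NOT b2evolution's code; names, layout and payloads are hypothetical.

// Vulnerable: raw input interpolated into a single-quoted PHP literal.
function render_config_vulnerable(string $dbPassword): string
{
    return "\$db_config = ['password' => '" . $dbPassword . "'];";
}

// Incomplete fix: escapes ' but not \. Input that ends with a backslash
// before the quote becomes \\' in the literal, i.e. an escaped backslash
// followed by an unescaped quote, so the breakout still works.
function render_config_quote_only(string $dbPassword): string
{
    $escaped = str_replace("'", "\\'", $dbPassword);
    return "\$db_config = ['password' => '" . $escaped . "'];";
}

// Hardened: var_export() emits a valid PHP literal, escaping both ' and \.
function render_config_safe(string $dbPassword): string
{
    return "\$db_config = ['password' => " . var_export($dbPassword, true) . "];";
}

// Load the generated config the way an application would include it and
// report whether any injected statement ran. The payloads only set a flag.
function load_config(string $src): array
{
    $GLOBALS['injected'] = false;
    $db_config = null;
    eval($src);
    return [
        'password' => $db_config['password'] ?? null,
        'injected' => $GLOBALS['injected'],
    ];
}

// Constructed inputs (hypothetical, for this demonstration only).
$benign = 'correct horse';
// Closes the literal and the array, runs a statement, comments out the tail.
$breakout = 'x\']; $GLOBALS["injected"] = true; //';
// Same, but the backslash before the quote survives quote-only escaping.
$bypass = 'x\\\']; $GLOBALS["injected"] = true; //';

$renderers = [
    'vulnerable' => 'render_config_vulnerable',
    'quote_only' => 'render_config_quote_only',
    'safe'       => 'render_config_safe',
];
$inputs = ['benign' => $benign, 'breakout' => $breakout, 'bypass' => $bypass];

foreach ($renderers as $name => $render) {
    foreach ($inputs as $label => $input) {
        $result = load_config($render($input));
        printf("%-10s %-8s injected=%-5s round_trip=%s\n",
            $name, $label,
            $result['injected'] ? 'true' : 'false',
            $result['password'] === $input ? 'yes' : 'no');
    }
}
```

Run with `php` on the command line. The injected flag is set for the vulnerable renderer with the plain breakout payload and for the quote-only renderer with the backslash-prefixed payload; only the var_export() renderer both blocks every payload and returns each value unchanged, which is the check to apply to any code that writes user-controlled data into a PHP source file. Escaping only one of the two characters is not enough because a trailing backslash in the input neutralises the escape added for the quote; addslashes() or var_export() handles both.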
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| B2Evolution | B2Evolution | >= 6.6.0, <= 6.8.10 |
Related Weaknesses (CWE)
References
- https://github.com/b2evolution/b2evolution/commit/0096a3ebc85f6aadbda2c4427cd092 (Patch, Third Party Advisory)
- https://github.com/b2evolution/b2evolution/commit/b899d654d931f3bf3cfbbdd71e0d1a (Patch, Third Party Advisory)
FAQ
What is CVE-2017-1000423?
CVE-2017-1000423 is a vulnerability with a CVSS score of 9.8 (CRITICAL). b2evolution versions 6.6.0 through 6.8.10 are vulnerable to improper input validation (missing escaping of backslash and single-quote characters) in the basic install functionality, allowing an unauthenticated attacker to gain PHP code execution on the victim's installation.
How severe is CVE-2017-1000423?
CVE-2017-1000423 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-1000423?
Check the references section above for vendor advisories and patch information; the two upstream GitHub commits listed there are the patches. The affected product is B2Evolution, versions 6.6.0 through 6.8.10.