b2evolution Remote PHP Code Execution Vulnerability CVE-2017-1000423

Severity

CVSSv3 Score: 9.8

Vulnerability description

b2evolution is prone to a remote PHP code execution vulnerability.

Risk description

An unauthenticated attacker with access to the /install functionality can configure the application installation parameters and complete the installation. This functionality can be used to execute PHP code on the server and ultimately take control of the site.

Recommendation

Upgrade to version 6.8.11 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Jan 2, 2018
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available