Unauthenticated PHP Code Execution in b2evolution v6.6.0 - v6.8.10

CVE-2017-1000423 · HIGH Severity

AV:N/AC:L/Au:N/C:P/I:P/A:P

b2evolution versions 6.6.0 through 6.8.10 contain an input validation flaw (backslash and single quote escaping) in the basic install functionality, which allows an unauthenticated attacker to gain PHP code execution on the victim's setup.
