PT-2018-5198 · B2Evolution · B2Evolution

Published: 2018-01-02 · Updated: 2018-01-17 · CVE-2017-1000423

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

b2evolution versions 6.6.0 through 6.8.10

Description

The issue concerns input validation in the basic install functionality of the software. Specifically, it involves the escaping of backslash and single quote characters, which an unauthenticated attacker can exploit to gain PHP code execution on the victim's setup.

Recommendations

If you run any version from 6.6.0 through 6.8.10, update to a version that includes the fix for the input validation issue in the basic install functionality, to prevent unauthenticated PHP code execution.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2017-1000423

Affected Products

B2Evolution