Download
| Alert*
CVE-2016-8901
b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php. CVE-2017-1000423 b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup. |