CVE-2017-5539 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5539): The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ..\/ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether a file exists.

CVE-2017-5480 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5480): Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter.

CVE-2016-7150 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7150): Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name.

CVE-2016-7149 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7149): Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function.
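Added example, not b2evolution code and not part of the original report: the class of flaw behind CVE-2017-5539 is a traversal check that runs on the raw string before a later step changes what the string means. The function names, the base directory, the sample inputs and the assumption that a later step drops backslashes are all hypothetical; the hardened variant normalizes first, resolves dot segments, and only then checks containment.

```php
<?php
// Added illustration; every name here is hypothetical, not b2evolution's API.

// Assumed stand-in for later path handling that drops backslashes.
function normalize_separators(string $p): string {
    return str_replace('\\', '', $p);
}

// Weak: inspects the raw input, so "..\/" passes and becomes "../" afterwards.
function naive_is_safe(string $p): bool {
    return strpos($p, '../') === false;
}

// Hardened: normalize, resolve "." and ".." lexically, refuse to leave $base.
function resolve_inside(string $base, string $p): ?string {
    $p = normalize_separators($p);
    if (strpos($p, "\0") !== false) {
        return null; // reject embedded NUL bytes
    }
    $stack = [];
    foreach (explode('/', $p) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..') {
            if (!$stack) {
                return null; // would climb above $base
            }
            array_pop($stack);
            continue;
        }
        $stack[] = $seg;
    }
    return rtrim($base, '/') . '/' . implode('/', $stack);
}

// Constructed sample inputs; '..\\/secret.txt' is the literal string ..\/secret.txt
$base = '/srv/app/media';
$samples = ['photos/a.jpg', '../secret.txt', '..\\/secret.txt', 'photos/../../secret.txt'];
foreach ($samples as $in) {
    printf("%-26s naive=%-5s hardened=%s\n", $in,
        var_export(naive_is_safe($in), true),
        resolve_inside($base, $in) ?? 'REJECTED');
}
```

Only the first sample resolves under the hardened check; the naive check also accepts the `..\/` form.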
@Maintainers: b2evolution is far behind upstream. 6.9.3-stable should contain the fixes. Please call for stabilization when ready. Thank you.
CC'ing treecleaners due to inactivity and outstanding vulnerabilities that remain unpatched.
removed
GLSA Vote: No