Critical severity9.8OSV Advisory· Published Jan 2, 2018· Updated Jun 17, 2026
CVE-2017-1000423
CVE-2017-1000423
Description
b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
26.6.0, 6.6.1, 6.6.4, …+ 1 more
- (no CPE)range: 6.6.0, 6.6.1, 6.6.4, …
- (no CPE)range: 6.6.0 - 6.8.10
Patches
Vulnerability mechanics
References
2- github.com/b2evolution/b2evolution/commit/0096a3ebc85f6aadbda2c4427cd092a538b161d2nvdPatchThird Party Advisory
- github.com/b2evolution/b2evolution/commit/b899d654d931f3bf3cfbbdd71e0d1a0f3a16d04cnvdPatchThird Party Advisory
News mentions
0No linked articles in our index yet.