{"id":"CVE-2017-1000423","details":"b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup.","modified":"2026-04-10T03:56:05.987832Z","published":"2018-01-02T20:29:00.237Z","references":[{"type":"FIX","url":"https://github.com/b2evolution/b2evolution/commit/0096a3ebc85f6aadbda2c4427cd092a538b161d2"},{"type":"FIX","url":"https://github.com/b2evolution/b2evolution/commit/b899d654d931f3bf3cfbbdd71e0d1a0f3a16d04c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/b2evolution/b2evolution","events":[{"introduced":"01beb737f86c06cb4b5f4fe3c3c71f9103077a08"},{"last_affected":"5e00bea0453ee3de69b59fb84ea9ffe79784c440"},{"fixed":"0096a3ebc85f6aadbda2c4427cd092a538b161d2"},{"fixed":"b899d654d931f3bf3cfbbdd71e0d1a0f3a16d04c"}],"database_specific":{"versions":[{"introduced":"6.6.0"},{"last_affected":"6.8.10"}]}}],"versions":["6.6.0","6.6.1","6.6.4","6.6.5","6.6.6","6.6.7","6.6.8","6.7.0-alpha","6.7.5","6.7.6","6.7.7","6.8.0-beta","6.8.1","6.8.10","6.8.2","6.8.3","6.8.4","6.8.5","6.8.6","6.8.7","6.8.8","6.8.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000423.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}