Vulnerabilities > B2Evolution > B2Evolution CMS > High

DATE CVE VULNERABILITY TITLE RISK
2023-01-03 CVE-2022-44036 Unrestricted Upload of File with Dangerous Type vulnerability in B2Evolution CMS 7.2.5
In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution.
network
low complexity
b2evolution CWE-434
7.2
7.2
2021-12-06 CVE-2021-31631 Cross-Site Request Forgery (CSRF) vulnerability in B2Evolution CMS 7.2.3
b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page.
network
low complexity
b2evolution CWE-352
8.8
8.8