Vulnerabilities > B2Evolution > B2Evolution CMS > High

DATE CVE VULNERABILITY TITLE RISK
2023-01-03 CVE-2022-44036 Unrestricted Upload of File with Dangerous Type vulnerability in B2Evolution CMS 7.2.5
In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution.
network
low complexity
b2evolution CWE-434
7.2
7.2
2021-12-06 CVE-2021-31632 SQL Injection vulnerability in B2Evolution CMS 7.2.3
b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section.
network
low complexity
b2evolution CWE-89
7.5
7.5