Количество 2
Количество 2
CVE-2022-44036
In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is "very obviously a feature not an issue and if you don't like that feature it is very obvious how to disable it."
GHSA-5c2h-v384-qmpw
RESERVED There is an arbitrary file upload vulnerability in b2evolution v7.2.5. Attackers can use this vulnerability to execute remote commands.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-44036 In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is "very obviously a feature not an issue and if you don't like that feature it is very obvious how to disable it." | CVSS3: 7.2 | 1% Низкий | около 3 лет назад |
| GHSA-5c2h-v384-qmpw RESERVED There is an arbitrary file upload vulnerability in b2evolution v7.2.5. Attackers can use this vulnerability to execute remote commands. | CVSS3: 7.2 | 1% Низкий | около 3 лет назад |
Уязвимостей на страницу