b2evolution SQL注入漏洞

b2evolution is a community content management system based on PHP and MySQL. A command injection vulnerability exists in b2evolution v7.2.2-stable, which can be exploited by a remote attacker to obtain sensitive database information by injecting SQL commands into the "cf name" parameter when...