3 matches found
CVE-2022-44036
In b2evolution 7.2.5, if configured with adminscanmanipulatesensitivefiles, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is "very obviously a feature not an issue and if you don't like that feature it is very obvious how to...
CVE-2022-44036
CVE-2022-44036 affects b2evolution 7.2.5. When configured with the option "admins_can_manipulate_sensitive_files", admins can upload arbitrary files, which can lead to command execution. The vendor treats this as a feature, and disabling the feature is suggested as a mitigation. No explicit patch...
CVE-2022-44036
In b2evolution 7.2.5, if configured with adminscanmanipulatesensitivefiles, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is "very obviously a feature not an issue and if you don't like that feature it is very obvious how to...