SQL Injection Vulnerability in b2evolution CMS by b2evolution
CVE-2021-31632

9.8CRITICAL

Key Information:

Vendor: B2evolution
Status: B2evolution Cms
Vendor: CVE Published:; 6 December 2021

🔔 Create B2evolution Vulnerability Alert

What is CVE-2021-31632?

The b2evolution CMS version 7.2.3 has a vulnerability that allows for SQL injection through the 'cfqueryparam' parameter in the User login section. This security issue permits attackers to manipulate the system by executing arbitrary SQL queries, potentially leading to unauthorized access and control over the affected application. Proper validation and sanitization of user inputs are critical to mitigate such vulnerabilities.

References

https://gist.github.com/Stacksmashers101/c6b9ea92f42c2347...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 6, 2021
Vulnerability Reserved
Apr 23, 2021

JSON