Stacksmashers101

**Name of the Vulnerable Software and Affected Versions** b2evolution CMS version 7.2.3 **Description** The issue is a SQL injection vulnerability that exists via the `cfqueryparam` parameter in the User login section. This allows attackers to execute arbitrary code by providing a crafted input. **Recommendations** For b2evolution CMS version 7.2.3, consider restricting access to the User login section until a patch is available. As a temporary workaround, avoid using the `cfqueryparam` parameter in the User login section to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.