CVE-2021-28242

Name of the Vulnerable Software and Affected Versions: b2evolution version 7.2.2-stable

Description: The issue allows remote attackers to obtain sensitive database information by injecting SQL commands into the cf name parameter when creating a new filter under the "Collections" tab. This occurs in the "evoadm.php" component.

Recommendations: For b2evolution version 7.2.2-stable, as a temporary workaround, consider restricting access to the "evoadm.php" component, specifically when creating new filters under the "Collections" tab, to minimize the risk of exploitation. Avoid using the cf name parameter in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.