PT-2026-3171 · Unknown · B2Evolution

Alperen Ergel · Published 2026-01-15 · Updated 2026-01-16 · CVE-2021-47800

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: b2evolution version 7.2.2

Description: The software contains a cross-site request forgery condition. This allows attackers to modify administrator account details without authentication. Attackers can create a malicious HTML form to submit unauthorized changes to user profiles by tricking victims into loading a specially crafted webpage.

Recommendations: Update to a newer version that contains a fix for this vulnerability.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers: CVE-2021-47800

Affected Products: B2Evolution