CVE-2022-44036 Information

Description

DISPUTED In b2evolution 7.2.5 if configured with admins_can_manipulate_sensitive_files arbitrary file upload is allowed for admins leading to command execution. NOTE: the vendor’s position is that this is ery obviously a feature not an issue and if you don’t like that feature it is very obvious how to disable it.\

Reference

https://github.com/b2evolution/b2evolution/issues/121