CVE-2021-47800
BaseFortify
Publication date: 2026-01-16
Last updated on: 2026-01-16
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| b2evolution | b2evolution | 7.2.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) in b2evolution version 7.2.2 that allows attackers to modify administrator account details without authentication. Attackers can create a malicious HTML form that, when loaded by an authenticated admin user, automatically submits unauthorized changes to user profiles by exploiting the 'edit account details' functionality. This is done by tricking the victim into visiting a specially crafted webpage that sends a POST request with manipulated user profile parameters, including a valid CSRF token, to update admin account information without consent. [2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker to change administrative account details without your permission. This unauthorized modification can compromise the integrity of your admin account, potentially leading to loss of control over the CMS, unauthorized access, or further exploitation of the system. Since the attacker can alter admin profile information, it may affect site management and security. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized POST requests to the endpoint `/b2evolution/evoadm.php` that attempt to modify admin account details. Look for suspicious POST requests containing parameters like `edited_user_login`, `edited_user_firstname`, `edited_user_lastname`, and other user profile fields. Detection can involve inspecting web server logs or using network monitoring tools to identify such requests, especially those that include a CSRF token (`crumb_user`). Specific commands depend on your environment, but for example, you can use tools like `grep` on server logs: `grep 'POST /b2evolution/evoadm.php' /var/log/apache2/access.log` and then inspect the parameters. Additionally, monitoring for unusual changes in admin account details or unexpected POST requests from user browsers can help detect exploitation attempts. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Updating b2evolution to a version where this CSRF vulnerability is fixed, if available. 2) If an update is not immediately possible, implement additional CSRF protections such as verifying CSRF tokens properly on the server side. 3) Restrict access to the admin interface to trusted IPs or via VPN to reduce exposure. 4) Educate administrators to avoid visiting untrusted or suspicious websites while logged into the admin panel. 5) Monitor and audit admin account changes regularly to detect unauthorized modifications early. [2, 3]