CVE-2021-47800 in b2evolution
Summary
by MITRE • 01/16/2026
b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit unauthorized changes to user profiles by tricking victims into loading a specially crafted webpage.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 01/16/2026
The CVE-2021-47800 vulnerability represents a critical cross-site request forgery flaw in b2evolution version 7.2.2 that undermines the application's authentication mechanisms and administrative security controls. This vulnerability resides within the web application's handling of administrative account modifications, where proper authentication checks are bypassed, allowing unauthorized modifications to occur through crafted malicious requests. The vulnerability specifically targets the administrative user profile management functionality, creating a dangerous attack vector that can compromise the integrity of administrative accounts.
This CSRF vulnerability stems from the application's failure to implement proper request validation mechanisms that would ensure administrative actions originate from legitimate authenticated sources. The flaw enables attackers to construct malicious HTML forms that automatically submit unauthorized changes to user profiles when victims visit compromised web pages. The vulnerability operates by leveraging the victim's existing authenticated session with the vulnerable application, making it particularly dangerous as it requires no credentials from the attacker. The malicious HTML form can contain hidden input fields that submit administrative commands to the application's backend, effectively allowing the attacker to modify account details without proper authorization.
The operational impact of this vulnerability extends beyond simple profile modifications, as administrative accounts typically possess elevated privileges and access to sensitive system functions. An attacker exploiting this vulnerability could potentially alter administrative credentials, modify user permissions, access restricted content, or even escalate privileges within the application's security model. The attack requires minimal technical skill to execute, as it relies on social engineering techniques to trick victims into loading malicious web content. This makes the vulnerability particularly dangerous in environments where users frequently browse untrusted websites or receive malicious email attachments that could contain the malicious HTML payloads.
From a security standards perspective, this vulnerability maps directly to CWE-352, which specifically addresses Cross-Site Request Forgery weaknesses in web applications. The flaw demonstrates a critical failure in the application's implementation of the principle of least privilege, where administrative functions should require explicit authentication and authorization before execution. The vulnerability also aligns with ATT&CK technique T1531, which covers "Modify System Image" through the manipulation of administrative account settings. Organizations utilizing b2evolution 7.2.2 should immediately implement mitigations including the deployment of anti-CSRF tokens in all administrative forms, proper validation of request origins, and implementation of Content Security Policy headers to prevent unauthorized script execution.
The recommended remediation approach involves implementing robust anti-CSRF mechanisms that generate unique tokens for each administrative session and validate these tokens before processing any administrative requests. Additionally, the application should validate the Referer header and implement proper SameSite cookie attributes to prevent cross-origin requests from being automatically submitted. Security headers should be configured to restrict the execution of malicious scripts and prevent unauthorized cross-origin resource sharing. Organizations should also consider implementing additional monitoring and logging of administrative activities to detect unauthorized modifications. The vulnerability serves as a reminder of the critical importance of implementing comprehensive security controls for administrative functions and the necessity of regular security assessments to identify and remediate similar weaknesses in web applications.