#2 Jun 25, 2018 15:56
This is a bogus report. b2evolution is configured by default so that Admin (and Admin only) can upload PHP files. It is NOT a security issue that Admin can upload PHP files. If you think it is , you can easily disable this in the backoffice.