B2Evolution Title SQL Injection Network Vulnerability

Summary

The remote host is running b2evolution, a blog engine written in PHP. There is an SQL injection vulnerability in the remote version of this software which may allow an attacker to execute arbitrary SQL statements against the remote database by providing a malformed value to the 'title' argument of index.php.

Solution

None at this time

References

http://osvdb.org/12717
http://secunia.com/advisories/13718
http://securitytracker.com/id?1012797
http://xforce.iss.net/xforce/xfdb/18762

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ActivePerl perlIS.dll Buffer Overflow
Advantech WebAccess Multiple Vulnerabilities
Apache Archiva Multiple Remote Command Execution Vulnerabilities
Atutor AContent Multiple SQL Injection and XSS Vulnerabilities
Baby Gekko CMS Multiple Vulnerabilities

b2Evolution title SQL Injection

Take action and discover your vulnerabilities