Description
Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-2945.
Remediation
References
Related Vulnerabilities
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5497)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2079)
WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more Cross-Site Scripting (2.5.2.1)
WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler PHP Object Injection (5.7.0)