Description

Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-2945.

Remediation

References

CVE-2013-7352

Related Vulnerabilities

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-5489)

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7983)

WebLogic CVE-2019-2649 Vulnerability (CVE-2019-2649)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Unspecified Vulnerability (1.2.41)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-23125)

Severity

Medium

Classification

CVE-2013-7352 CWE-352

Tags

Missing Update Known Vulnerabilities