Description

Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-2945.

Remediation

References

CVE-2013-7352

Related Vulnerabilities

WordPress Plugin Correos Woocommerce Arbitrary File Download (1.3.0.0)

Oracle JRE Cryptographic Issues Vulnerability (CVE-2012-2739)

WordPress Plugin Awesome Support-WordPress HelpDesk & Support Cross-Site Scripting (6.0.6)

WordPress Plugin RegistrationMagic-Custom Registration Forms, User Registration, Payment, and User Login Multiple Vulnerabilities (3.7.9.2)

WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (3.0.30)

Severity

Medium

Classification

CVE-2013-7352 CWE-352

Tags

Missing Update Known Vulnerabilities