Description
Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-2945.
Remediation
References
Related Vulnerabilities
WordPress Plugin Cart All In One For WooCommerce Cross-Site Request Forgery (1.1.10)
WordPress Plugin GigPress Multiple SQL Injection Vulnerabilities (2.3.8)
Next.js URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-15242)
WordPress Plugin Snow Monkey Forms Directory Traversal (5.1.1)