Description
Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-2945.
Remediation
References