Description
SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab.
Remediation
References