Description
SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin MailPoet Newsletters (Previous) Multiple Vulnerabilities (2.7.2)
WordPress Plugin Download Plugins and Themes from Dashboard Cross-Site Scripting (1.5.0)
WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.4)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2001-1247)