Description
SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Private Messages SQL Injection (1.0.1)
MySQL CVE-2021-2171 Vulnerability (CVE-2021-2171)
WordPress Plugin SEO-Dashboard by gutewebsites.de Cross-Site Scripting (1.2.5)
Lighttpd Other Vulnerability (CVE-2007-3949)
WordPress Plugin SE HTML5 Album Audio Player Directory Traversal (1.1.0)