Description
SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
Remediation
References