Description
SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
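The two weaknesses the description names, a multi-valued request parameter reaching SQL unfiltered and an admin action that can be triggered cross-site, are both addressed in the following added example. It is not b2evolution's code: the allowed status values, the table and column names, and the `csrf_token` parameter name are assumptions for illustration.

```php
<?php
// Added example (not b2evolution's code). Shows a safe way to handle a
// multi-valued filter such as show_statuses[]: allow-list the values,
// bind them as parameters, and require a CSRF token on the admin action.
// Status names, table/column names and the token field are assumed.

const ALLOWED_STATUSES = ['published', 'draft', 'deprecated', 'private'];

/**
 * Keep only request values that appear in the allow-list.
 * Non-array input, non-string entries and unknown values are dropped.
 */
function filterStatuses($raw): array
{
    if (!is_array($raw)) {
        return [];
    }
    $clean = [];
    foreach ($raw as $value) {
        if (is_string($value) && in_array($value, ALLOWED_STATUSES, true)) {
            $clean[] = $value;
        }
    }
    return array_values(array_unique($clean));
}

/**
 * Build the query with one bound placeholder per value, so no
 * user-supplied characters ever become part of the SQL text.
 * The weak pattern this replaces is interpolating the array straight
 * into an IN (...) clause with implode().
 */
function buildStatusQuery(PDO $db, array $statuses): PDOStatement
{
    if ($statuses === []) {
        // No valid filter: match nothing rather than dropping the WHERE.
        return $db->prepare('SELECT post_ID, post_title FROM posts WHERE 1 = 0');
    }
    $placeholders = implode(', ', array_fill(0, count($statuses), '?'));
    $stmt = $db->prepare(
        "SELECT post_ID, post_title FROM posts WHERE post_status IN ($placeholders)"
    );
    $stmt->execute($statuses);
    return $stmt;
}

/** Admin actions must carry a per-session token; compare in constant time. */
function csrfTokenIsValid(array $request, array $session): bool
{
    return isset($request['csrf_token'], $session['csrf_token'])
        && hash_equals($session['csrf_token'], (string) $request['csrf_token']);
}
```

Call `filterStatuses($_GET['show_statuses'] ?? null)` only after `csrfTokenIsValid($_POST, $_SESSION)` has passed; the query builder then never sees raw input.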