Description

SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.

Remediation

References

CVE-2013-2945

Related Vulnerabilities

WordPress Plugin One User Avatar-User Profile Picture Multiple Vulnerabilities (2.3.6)

WordPress Plugin Easy Forms for MailChimp Unspecified Vulnerability (6.3.11)

PHP Inadequate Encryption Strength Vulnerability (CVE-2020-7069)

Drupal Other Vulnerability (CVE-2006-2833)

ownCloud Improper Authentication Vulnerability (CVE-2016-9463)

Severity

Medium

Classification

CVE-2013-2945 CWE-138

Tags

Missing Update Known Vulnerabilities