Description
SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
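A defensive pattern for this class of bug, as an added example that is not b2evolution's code or its 4.1.7 fix: an array-valued request parameter is reduced to allowlisted strings and bound through placeholders, and the request is processed only if it carries the session's anti-CSRF token. It assumes the parameter ends up in an `IN (...)` list; the table, column, status values and function names are hypothetical, and the data is constructed in an in-memory SQLite database through PDO.

```php
<?php
// Added illustration; table, column, status and function names are
// hypothetical and not taken from b2evolution's source.
const ALLOWED_STATUSES = ['published', 'draft', 'private'];

// Keep only string values that appear in the allowlist; drop everything else.
function clean_statuses($raw): array
{
    if (!is_array($raw)) {
        return [];
    }
    $ok = array_filter($raw, fn($v) => is_string($v) && in_array($v, ALLOWED_STATUSES, true));
    return array_values(array_unique($ok));
}

// Admin requests must carry the token stored in the session (constant-time compare).
function csrf_ok(string $sessionToken, $requestToken): bool
{
    return is_string($requestToken) && hash_equals($sessionToken, $requestToken);
}

// Values are bound as parameters; only the number of "?" marks is interpolated.
function find_posts(PDO $db, array $statuses): array
{
    if ($statuses === []) {
        return [];               // never emit "IN ()"
    }
    $marks = implode(',', array_fill(0, count($statuses), '?'));
    $stmt = $db->prepare("SELECT title FROM posts WHERE status IN ($marks) ORDER BY id");
    $stmt->execute($statuses);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data and request, for demonstration only.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, status TEXT)");
$db->exec("INSERT INTO posts (title, status) VALUES ('Hello', 'published'), ('WIP', 'draft'), ('Old', 'deprecated')");

$session = ['csrf' => bin2hex(random_bytes(16))];
$request = ['csrf' => $session['csrf'],
            'show_statuses' => ['draft', "draft' OR '1'='1", ['nested']]];

if (csrf_ok($session['csrf'], $request['csrf'] ?? null)) {
    print_r(find_posts($db, clean_statuses($request['show_statuses'] ?? [])));
}
```

Only the `draft` entry survives the allowlist, so the non-allowlisted string and the nested array never reach the query; a request without the matching token is not processed at all.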
Remediation
References