Description
SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Symposium SQL Injection (15.5.1)
osCommerce Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2002-2019)
Atlassian Jira Improper Privilege Management Vulnerability (CVE-2018-13400)
PHP Other Vulnerability (CVE-2007-1396)
WordPress Plugin Calculated Fields Form Cross-Site Scripting (1.0.353)