Description
Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-2945.
Remediation
References
Related Vulnerabilities
Internet Information Services Integer Overflow or Wraparound Vulnerability (CVE-2008-1446)
Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2022-42130)
Plupload Cross-site Scripting (XSS) Vulnerability (CVE-2016-4566)
WordPress Plugin WP-Testimonials SQL Injection (3.4.1)
WordPress Plugin MaxBlogPress Max Banner Ads Cross-Site Scripting (1.9)