Description
Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-2945.
Remediation
References
Related Vulnerabilities
WordPress Plugin JupiterX Core Privilege Escalation (2.0.7)
WordPress Plugin Post Connector Cross-Site Scripting (1.0.3)
WordPress Plugin G Auto-Hyperlink SQL Injection (1.0.1)
PHP Other Vulnerability (CVE-2006-4483)
WordPress Plugin Tutor LMS-eLearning and online course solution Cross-Site Scripting (2.6.2)