Description

SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab.

Remediation

References

CVE-2021-28242

Related Vulnerabilities

WordPress Plugin Stripe Payment for WooCommerce Security Bypass (3.7.9)

WordPress Plugin wpCentral Security Bypass (1.4.7)

WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner Cross-Site Request Forgery (3.1.0)

Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5323)

Oracle JRE CVE-2013-2473 Vulnerability (CVE-2013-2473)

Severity

High

Classification

CVE-2021-28242 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities