Description

SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter.

Remediation

References

CVE-2012-5910

Related Vulnerabilities

MySQL CVE-2021-35633 Vulnerability (CVE-2021-35633)

WordPress Plugin Default Thumbnail Plus Arbitrary File Upload (1.0.2.3)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-4113)

WordPress Plugin GiveWP-Donation and Fundraising Platform Cross-Site Scripting (2.9.7)

Oracle Database Server CVE-2016-0499 Vulnerability (CVE-2016-0499)

Severity

Medium

Classification

CVE-2012-5910 CWE-138

Tags

Missing Update Known Vulnerabilities