Description

SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.

Remediation

References

CVE-2013-2945

Related Vulnerabilities

Oracle Database Server CVE-2008-0347 Vulnerability (CVE-2008-0347)

Jboss EAP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-7464)

WordPress Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2022-3590)

WordPress Plugin Featured Content 'param' Parameter Cross-Site Scripting (0.0.1)

ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-1499)

Severity

Medium

Classification

CVE-2013-2945 CWE-138

Tags

Missing Update Known Vulnerabilities