WEB APPLICATION VULNERABILITIES Standard & Premium

b2evolution Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-2945)

Description

SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.

Remediation

References

Related Vulnerabilities

Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-34265)

WordPress Plugin WP Popups-WordPress Popup builder Cross-Site Scripting (2.1.4.6)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7880)

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.9)

Frontaccounting Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5117)

Severity

Medium

Classification

CVE-2013-2945 CWE-138

Tags

Missing Update Known Vulnerabilities