Description
SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
Remediation
References
Related Vulnerabilities
WordPress Plugin Filtre de Surveillance Gouvernemental Cross-Site Scripting (1.1)
Oracle JRE CVE-2013-2443 Vulnerability (CVE-2013-2443)
WordPress Plugin Rockhoist Badges Cross-Site Scripting (1.2.2)
WordPress Plugin Daily Inspiration Generator Open Redirect (2.0)
WordPress Plugin WP Visitor Statistics (Real Time Traffic) Unspecified Vulnerability (4.8)