B2evolution » B2evolution: Security Vulnerabilities, CVEs (CSRF)
Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-2945.
Max CVSS: 6.8 | EPSS Score: 0.21% | Published: 2014-04-02 | Updated: 2014-04-03
SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
Max CVSS: 6.5 | EPSS Score: 0.18% | Published: 2014-04-02 | Updated: 2017-08-29
2 vulnerabilities found