SQL Injection Vulnerability in b2evolution CMS by b2evolution
CVE-2012-5910

Currently unrated

Key Information:

Vendor: B2evolution
Status: B2evolution
Vendor: CVE Published:; 17 November 2012

🔔 Create B2evolution Vulnerability Alert

What is CVE-2012-5910?

A SQL injection vulnerability exists in the viewfile.php component of b2evolution 4.1.3. This security flaw allows remote authenticated users to execute arbitrary SQL commands via the 'root' parameter, potentially leading to unauthorized data manipulation and exposure. It highlights the importance of implementing proper input validation and employing security best practices to mitigate risks associated with SQL injections.

References

http://osvdb.org/80671

vdb-entryx_refsource_OSVDB

http://packetstormsecurity.org/files/111294/B2Evolution-C...

x_refsource_MISC

http://www.securityfocus.com/bid/52783

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Nov 17, 2012
Vulnerability Reserved
Nov 17, 2012

JSON