SQL Injection Vulnerability in b2evolution by b2evolution
CVE-2013-2945

Currently unrated

Key Information:

Vendor: B2evolution
Status: B2evolution
Vendor: CVE Published:; 2 April 2014

🔔 Create B2evolution Vulnerability Alert

What is CVE-2013-2945?

A SQL injection vulnerability exists in the blogs/admin.php file of b2evolution prior to version 4.1.7. This flaw allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. An attacker can exploit this vulnerability through Cross-Site Request Forgery (CSRF) techniques, enabling them to execute SQL commands without authentication, posing a significant risk to the integrity and security of the database.

References

http://archives.neohapsis.com/archives/bugtraq/2013-05/00...

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/83950

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/59599

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Apr 2, 2014
Vulnerability Reserved
Apr 11, 2013

JSON