SQL Injection Vulnerability in b2evolution by b2evolution
CVE-2013-2945

Currently unrated

Key Information:

Vendor

B2evolution

Status
B2evolution
Vendor
CVE Published:
2 April 2014

What is CVE-2013-2945?

A SQL injection vulnerability exists in the blogs/admin.php file of b2evolution prior to version 4.1.7. This flaw allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. An attacker can exploit this vulnerability through Cross-Site Request Forgery (CSRF) techniques, enabling them to execute SQL commands without authentication, posing a significant risk to the integrity and security of the database.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://archives.neohapsis.com/archives/bugtraq/2013-05/00...
mailing-listx_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/83950
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/59599
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.