Cross-Site Request Forgery in b2evolution Affects Admin Authentication
CVE-2013-7352

Currently unrated

Key Information:

Vendor
CVE Published: 2 April 2014

What is CVE-2013-7352?

A Cross-Site Request Forgery (CSRF) vulnerability is present in the b2evolution application prior to version 4.1.7. It allows a remote attacker to have unauthorized actions performed on behalf of an authenticated administrator. Because the forged requests can carry a crafted 'show_statuses[]' parameter, they can be used to conduct SQL injection attacks with the administrator's authenticated session, potentially compromising sensitive data. Users of affected versions should update to version 4.1.7 or later.
