Cross-Site Request Forgery in b2evolution Affects Admin Authentication
CVE-2013-7352
Currently unrated
What is CVE-2013-7352?
A Cross-Site Request Forgery (CSRF) vulnerability is present in the b2evolution application prior to version 4.1.7. This weakness allows remote attackers to have unauthorized actions carried out on behalf of an authenticated administrator. Because the forged requests can carry SQL injection through the 'show_statuses[]' parameter, attackers can effectively hijack administrative sessions and potentially compromise sensitive data. Users of affected versions should apply the latest updates to safeguard their applications.
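The two defenses this class of bug calls for, shown together as an added example (not b2evolution's code or its actual fix): a per-session CSRF token check, then allowlisting and parameter binding for 'show_statuses[]'. The table, the `csrf` field name and the status values are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);
// Added illustration, not b2evolution code; table, token field and status values are constructed.
const ALLOWED_STATUSES = ['published', 'draft', 'private'];

// A forged cross-site request carries the admin's cookie but cannot know the session token.
function csrf_ok(array $session, array $request): bool
{
    $sent = $request['csrf'] ?? null;
    return isset($session['csrf']) && is_string($sent) && hash_equals($session['csrf'], $sent);
}

// PHP exposes show_statuses[] as $request['show_statuses']; accept only known values.
function clean_statuses(array $request): array
{
    $raw = $request['show_statuses'] ?? [];
    if (!is_array($raw)) {
        throw new InvalidArgumentException('show_statuses must be an array');
    }
    foreach ($raw as $value) {
        if (!is_string($value) || !in_array($value, ALLOWED_STATUSES, true)) {
            throw new InvalidArgumentException('unknown status value');
        }
    }
    return array_values(array_unique($raw));
}

function list_items(PDO $db, array $session, array $request): array
{
    if (!csrf_ok($session, $request)) {
        throw new RuntimeException('CSRF token missing or invalid');
    }
    $statuses = clean_statuses($request);
    if ($statuses === []) {
        return [];
    }
    // One placeholder per value, so request data never becomes SQL text.
    $marks = implode(',', array_fill(0, count($statuses), '?'));
    $stmt = $db->prepare("SELECT id FROM items WHERE status IN ($marks)");
    $stmt->execute($statuses);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed demo: in-memory SQLite (needs pdo_sqlite) and a fake session.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE items (id INTEGER, status TEXT)");
$db->exec("INSERT INTO items VALUES (1, 'published'), (2, 'draft')");
$session = ['csrf' => bin2hex(random_bytes(32))];
var_dump(list_items($db, $session, ['csrf' => $session['csrf'], 'show_statuses' => ['draft']]));
```

Either check alone leaves a gap: the token stops the cross-site delivery, while the allowlist and bound parameters keep the same field safe if a request reaches it some other way.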
