Lucene search
MitreCVELIST:CVE-2013-2945HistoryApr 02, 2014 - 3:00 p.m.
CVE-2013-2945
2014-04-0215:00:00
mitre
www.cve.org
4
SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
References
archives.neohapsis.com/archives/bugtraq/2013-05/0004.html
b2evolution.net/news/2013/04/29/b2evolution-4-1-7-and-5-0-3
osvdb.org/92905
packetstormsecurity.com/files/121481/b2evolution-4.1.6-SQL-Injection.html
www.securityfocus.com/bid/59599
exchange.xforce.ibmcloud.com/vulnerabilities/83950
www.htbridge.com/advisory/HTB23152
Related
packetstorm
packetstorm
b2evolution 4.1.6 SQL Injection
2013-05-01 00:00:00
cve
cve
CVE-2013-2945
2014-04-02 16:17:06
CVE-2013-7352
2014-04-02 18:55:21
prion
prion
Sql injection
2014-04-02 16:17:00
Cross site request forgery (csrf)
2014-04-02 18:55:00
htbridge
htbridge
SQL Injection in b2evolution
2013-04-10 00:00:00
nvd
nvd
CVE-2013-2945
2014-04-02 16:17:06
CVE-2013-7352
2014-04-02 18:55:21
securityvulns
securityvulns
SQL Injection in b2evolution
2013-05-06 00:00:00
exploitdb
exploitdb
b2evolution 4.1.6 - Multiple Vulnerabilities
2013-05-07 00:00:00
exploitpack
exploitpack
b2evolution 4.1.6 - Multiple Vulnerabilities
2013-05-07 00:00:00
zdt
zdt
b2evolution 4.1.6 SQL Injection Vulnerability
2013-05-02 00:00:00
cvelist
cvelist
CVE-2013-7352
2014-04-02 18:00:00