CVE-2013-7352
CVE-2013-7352/2945 describe a CSRF-enabled SQL injection in b2evolution and its admin.php show_statuses[] parameter, affecting installations before 4.1.7. The issue allows remote (via CSRF) authenticated admins to run arbitrary SQL commands, potentially hijacking admin actions. Affected product: ...
CVE-2013-2945
SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the showstatuses parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL command...
SQL injection
SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the showstatuses parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL command...
CVE-2013-2945
CVE-2013-2945 is a SQL injection vulnerability in blogs/admin.php of b2evolution before 4.1.7. The flaw enables remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter; note that this can be leveraged with CSRF to allow remote unauthenticated attack...
b2evolution CMS 5.0.6 - XSS & FPD Vulnerabilities
Latest b2evolution CMS suffers from multiple Full Path Disclosure and Cross Site Scripting vulnerabilities. Title: b2evolution CMS 5.0.6 - XSS & FPD Version: 5.0.6 Latest ATM Vendor: b2evolution.net - en.wikipedia.org/wiki/B2evolution Demo: demo3.b2evolution.net Date: 01.25.2014 Contact:...
b2evolution 4.1.6 - Multiple Vulnerabilities
Advisory ID: HTB23152 Product: b2evolution Vendor: b2evolution Group Vulnerable Versions: 4.1.6 and probably prior Tested Version: 4.1.6 Vendor Notification: April 10, 2013 Vendor Patch: April 29, 2013 Public Disclosure: May 1, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...
b2evolution 4.1.6 - Multiple Vulnerabilities
b2evolution 4.1.6 - Multiple Vulnerabilities Advisory ID: HTB23152 Product: b2evolution Vendor: b2evolution Group Vulnerable Versions: 4.1.6 and probably prior Tested Version: 4.1.6 Vendor Notification: April 10, 2013 Vendor Patch: April 29, 2013 Public Disclosure: May 1, 2013 Vulnerability Type:...
SQL Injection in b2evolution
Advisory ID: HTB23152 Product: b2evolution Vendor: b2evolution Group Vulnerable Versions: 4.1.6 and probably prior Tested Version: 4.1.6 Vendor Notification: April 10, 2013 Vendor Patch: April 29, 2013 Public Disclosure: May 1, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...
b2evolution 4.1.6 SQL Injection Vulnerability
b2evolution version 4.1.6 suffers from remote SQL injection and cross site request forgery vulnerabilities. Product: b2evolution Vendor: b2evolution Group Vulnerable Versions: 4.1.6 and probably prior Tested Version: 4.1.6 Vendor Notification: April 10, 2013 Vendor Patch: April 29, 2013 Public...
b2evolution 4.1.6 SQL Injection
Advisory ID: HTB23152 Product: b2evolution Vendor: b2evolution Group Vulnerable Versions: 4.1.6 and probably prior Tested Version: 4.1.6 Vendor Notification: April 10, 2013 Vendor Patch: April 29, 2013 Public Disclosure: May 1, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...
SQL Injection in b2evolution
High-Tech Bridge Security Research Lab discovered SQL injection vulnerability in b2evolution, which can be exploited to alter SQL requests passed to the vulnerable application's database. 1) SQL Injection in b2evolution: CVE-2013-2945 The vulnerability exists due to insufficient validation of HTTP...
CVE-2012-5910
SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter...
CVE-2012-5911
Cross-site scripting (XSS) vulnerability in blogs/blog1.php in b2evolution 4.1.3 allows remote attackers to inject arbitrary web script or HTML via the message body...
Cross site scripting
Cross-site scripting (XSS) vulnerability in blogs/blog1.php in b2evolution 4.1.3 allows remote attackers to inject arbitrary web script or HTML via the message body...
CVE-2012-5911
CVE-2012-5911: XSS in b2evolution 4.1.3 (blogs/blog1.php) allows remote attackers to inject arbitrary script via the message body. No remediation details are provided in the supplied documents.
B2Evolution CMS 4.1.3 - Multiple Web Vulnerabilities
Document Title: B2Evolution CMS 4.1.3 - Multiple Web Vulnerabilities References (Source): http://vulnerability-lab.com/getcontent.php?id=482 Release Date: 2012-03-28 Vulnerability Laboratory ID (VL-ID): 482 Produc...
CVE-2011-3709
CVE-2011-3709 affects b2evolution 3.3.3. The vulnerability is information disclosure via a direct request to a PHP file, which leaks the installation path in an error message (example: locales/ru_RU/ru-RU.locale.php). This is a server-side path disclosure vulnerability that allows remote attacker...
b2evolution 4.0.5 (default.php) Remote File inclusion Vulnerability
Exploit for php platform in category web applications ...