Lucene search
K

10 matches found

Prion
Prion
added 2014/04/02 6:55 p.m.16 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the showstatuses parameter, related to CVE-2013-2945...

6.8CVSS8.6AI score0.02771EPSS
Exploits6References5Affected Software1
CVE
CVE
added 2014/04/02 6:0 p.m.51 views

CVE-2013-7352

CVE-2013-7352/2945 describe a CSRF-enabled SQL injection in b2evolution and its admin.php show_statuses[] parameter, affecting installations before 4.1.7. The issue allows remote (via CSRF) authenticated admins to run arbitrary SQL commands, potentially hijacking admin actions. Affected product: ...

6.8CVSS8AI score0.00633EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2014/04/02 4:17 p.m.38 views

CVE-2013-2945

SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the showstatuses parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL command...

6.5CVSS8AI score0.02771EPSS
Exploits5References7
CVE
CVE
added 2014/04/02 3:0 p.m.61 views

CVE-2013-2945

CVE-2013-2945 is a SQL injection vulnerability in blogs/admin.php of b2evolution before 4.1.7. The flaw enables remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter; note that this can be leveraged with CSRF to allow remote unauthenticated attack...

6.5CVSS8.1AI score0.02771EPSS
Exploits5References7Affected Software1
exploitpack
exploitpack
added 2013/05/07 12:0 a.m.35 views

b2evolution 4.1.6 - Multiple Vulnerabilities

b2evolution 4.1.6 - Multiple Vulnerabilities Advisory ID: HTB23152 Product: b2evolution Vendor: b2evolution Group Vulnerable Versions: 4.1.6 and probably prior Tested Version: 4.1.6 Vendor Notification: April 10, 2013 Vendor Patch: April 29, 2013 Public Disclosure: May 1, 2013 Vulnerability Type:...

6.5CVSS0.3AI score0.02771EPSS
Exploits5
Exploit DB
Exploit DB
added 2013/05/07 12:0 a.m.56 views

b2evolution 4.1.6 - Multiple Vulnerabilities

Advisory ID: HTB23152 Product: b2evolution Vendor: b2evolution Group Vulnerable Versions: 4.1.6 and probably prior Tested Version: 4.1.6 Vendor Notification: April 10, 2013 Vendor Patch: April 29, 2013 Public Disclosure: May 1, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...

6.5CVSS6.4AI score0.02771EPSS
Exploits5
securityvulns
securityvulns
added 2013/05/06 12:0 a.m.58 views

SQL Injection in b2evolution

Advisory ID: HTB23152 Product: b2evolution Vendor: b2evolution Group Vulnerable Versions: 4.1.6 and probably prior Tested Version: 4.1.6 Vendor Notification: April 10, 2013 Vendor Patch: April 29, 2013 Public Disclosure: May 1, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...

6.5CVSS8.1AI score0.02771EPSS
Exploits5
0day.today
0day.today
added 2013/05/02 12:0 a.m.69 views

b2evolution 4.1.6 SQL Injection Vulnerability

b2evolution version 4.1.6 suffers from remote SQL injection and cross site request forgery vulnerabilities. Product: b2evolution Vendor: b2evolution Group Vulnerable Versions: 4.1.6 and probably prior Tested Version: 4.1.6 Vendor Notification: April 10, 2013 Vendor Patch: April 29, 2013 Public...

6.5CVSS0.3AI score0.02771EPSS
Exploits5
Packet Storm
Packet Storm
added 2013/05/01 12:0 a.m.70 views

b2evolution 4.1.6 SQL Injection

Advisory ID: HTB23152 Product: b2evolution Vendor: b2evolution Group Vulnerable Versions: 4.1.6 and probably prior Tested Version: 4.1.6 Vendor Notification: April 10, 2013 Vendor Patch: April 29, 2013 Public Disclosure: May 1, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...

6.5CVSS0.1AI score0.02771EPSS
Exploits5
htbridge
htbridge
added 2013/04/10 12:0 a.m.37 views

SQL Injection in b2evolution

High-Tech Bridge Security Research Lab discovered SQL injection vulnerability in b2evolution, which can be exploited to alter SQL requests passed to the vulnerable application's database. 1 SQL Injection in b2evolution: CVE-2013-2945 The vulnerability exists due to insufficient validation of HTTP...

5.1CVSS0.7AI score0.02771EPSS
Exploits5Affected Software1
Rows per page
Query Builder