10 matches found
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the showstatuses parameter, related to CVE-2013-2945...
CVE-2013-7352
CVE-2013-7352/2945 describe a CSRF-enabled SQL injection in b2evolution and its admin.php show_statuses[] parameter, affecting installations before 4.1.7. The issue allows remote (via CSRF) authenticated admins to run arbitrary SQL commands, potentially hijacking admin actions. Affected product: ...
CVE-2013-2945
SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the showstatuses parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL command...
CVE-2013-2945
CVE-2013-2945 is a SQL injection vulnerability in blogs/admin.php of b2evolution before 4.1.7. The flaw enables remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter; note that this can be leveraged with CSRF to allow remote unauthenticated attack...
b2evolution 4.1.6 - Multiple Vulnerabilities
b2evolution 4.1.6 - Multiple Vulnerabilities Advisory ID: HTB23152 Product: b2evolution Vendor: b2evolution Group Vulnerable Versions: 4.1.6 and probably prior Tested Version: 4.1.6 Vendor Notification: April 10, 2013 Vendor Patch: April 29, 2013 Public Disclosure: May 1, 2013 Vulnerability Type:...
b2evolution 4.1.6 - Multiple Vulnerabilities
Advisory ID: HTB23152 Product: b2evolution Vendor: b2evolution Group Vulnerable Versions: 4.1.6 and probably prior Tested Version: 4.1.6 Vendor Notification: April 10, 2013 Vendor Patch: April 29, 2013 Public Disclosure: May 1, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...
SQL Injection in b2evolution
Advisory ID: HTB23152 Product: b2evolution Vendor: b2evolution Group Vulnerable Versions: 4.1.6 and probably prior Tested Version: 4.1.6 Vendor Notification: April 10, 2013 Vendor Patch: April 29, 2013 Public Disclosure: May 1, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...
b2evolution 4.1.6 SQL Injection Vulnerability
b2evolution version 4.1.6 suffers from remote SQL injection and cross site request forgery vulnerabilities. Product: b2evolution Vendor: b2evolution Group Vulnerable Versions: 4.1.6 and probably prior Tested Version: 4.1.6 Vendor Notification: April 10, 2013 Vendor Patch: April 29, 2013 Public...
b2evolution 4.1.6 SQL Injection
Advisory ID: HTB23152 Product: b2evolution Vendor: b2evolution Group Vulnerable Versions: 4.1.6 and probably prior Tested Version: 4.1.6 Vendor Notification: April 10, 2013 Vendor Patch: April 29, 2013 Public Disclosure: May 1, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...
SQL Injection in b2evolution
High-Tech Bridge Security Research Lab discovered SQL injection vulnerability in b2evolution, which can be exploited to alter SQL requests passed to the vulnerable application's database. 1 SQL Injection in b2evolution: CVE-2013-2945 The vulnerability exists due to insufficient validation of HTTP...