B2evolution@4.1.3 Security Vulnerabilities and Issues — B2evolution@4.1.3 CVE List

Lucene search

B2evolutionB2evolution4.1.3

4 matches found

CVE•added 2014/04/02 4:17 p.m.•47 views

CVE-2013-2945

SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL comman...

6.5CVSS8.1AI score0.01572EPSS

Web

CVE•added 2012/11/17 9:55 p.m.•42 views

CVE-2012-5911

Cross-site scripting (XSS) vulnerability in blogs/blog1.php in b2evolution 4.1.3 allows remote attackers to inject arbitrary web script or HTML via the message body.

4.3CVSS5.9AI score0.00475EPSS

CVE•added 2012/11/17 9:55 p.m.•41 views

CVE-2012-5910

SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter.

6.5CVSS8.2AI score0.00601EPSS

Web

CVE•added 2014/04/02 6:55 p.m.•41 views

CVE-2013-7352

Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-2945.

6.8CVSS8AI score0.01572EPSS

Web