QwikSec

Security Database

CVE

CWE

Training

CVE-2013-7352

Published: Apr 2, 2014

Modified: Sep 16, 2024

PUBLISHED

Description

Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-2945.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_OSVDB

20130501 SQL Injection in b2evolution

mailing-list

x_refsource_BUGTRAQ

http://packetstormsecurity.com/files/121481/b2evolution-4.1.6-SQL-Injection.html

x_refsource_MISC

http://b2evolution.net/news/2013/04/29/b2evolution-4-1-7-and-5-0-3

x_refsource_MISC

https://www.htbridge.com/advisory/HTB23152

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.