CVSSv2: 6.5

CVE-2013-2945

Published: 2014-04-02 | Updated: 2017-08-29
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8.0
VMScore: 655
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] array parameter. NOTE: because the affected admin request is not protected against cross-site request forgery, an unauthenticated remote attacker can trigger the injection by luring a logged-in administrator to a crafted page, and so execute arbitrary SQL commands without credentials of their own.
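The flaw class described above, as an added example that is not b2evolution's code: a hypothetical admin handler that takes a multi-valued show_statuses[] parameter and quotes each element straight into an SQL IN (...) list, shown beside a hardened version that whitelists the values and binds them as parameters. The table names, status list, sample rows and injection value are all constructed for this example (Python and SQLite stand in for PHP and MySQL); the example shows the pattern, not the exact query in blogs/admin.php.

```python
import sqlite3

# Constructed sample data standing in for a blog's posts and users tables.
# Schema and contents are made up for this example; they are not b2evolution's.
SAMPLE_POSTS = [
    (1, "Hello world", "published"),
    (2, "Unfinished draft", "draft"),
    (3, "Internal memo", "private"),
]
SAMPLE_USERS = [("admin", "$P$hashed-password-value")]

# Assumed status whitelist; the real application's status set may differ.
ALLOWED_STATUSES = frozenset({"published", "draft", "private", "protected", "deprecated"})


def make_db():
    """Create an in-memory SQLite database loaded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (post_ID INTEGER, post_title TEXT, post_status TEXT)")
    conn.execute("CREATE TABLE users (user_login TEXT, user_pass TEXT)")
    conn.executemany("INSERT INTO posts VALUES (?, ?, ?)", SAMPLE_POSTS)
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def build_vulnerable_query(show_statuses):
    """Hypothetical vulnerable pattern: each array element is wrapped in single
    quotes and concatenated into an IN (...) list. An element containing a quote
    closes the string literal and the remainder is parsed as SQL."""
    quoted = ", ".join("'" + s + "'" for s in show_statuses)
    return "SELECT post_ID, post_title FROM posts WHERE post_status IN (" + quoted + ")"


def list_posts_vulnerable(conn, show_statuses):
    """Run the concatenated query exactly as the vulnerable handler would."""
    return conn.execute(build_vulnerable_query(show_statuses)).fetchall()


def list_posts_hardened(conn, show_statuses):
    """Hardened form: reject anything outside the known status set, then bind the
    remaining values as parameters so they can never be parsed as SQL."""
    statuses = list(show_statuses)
    if not statuses:
        return []
    unknown = [s for s in statuses if s not in ALLOWED_STATUSES]
    if unknown:
        raise ValueError("rejected unknown post status value(s): %r" % unknown)
    placeholders = ", ".join("?" for _ in statuses)
    sql = "SELECT post_ID, post_title FROM posts WHERE post_status IN (" + placeholders + ")"
    return conn.execute(sql, statuses).fetchall()


# Constructed injection value for one show_statuses[] element. The leading quote
# closes the string literal, the ')' closes the IN list, and the trailing "('1'='1"
# pairs with the quote and parenthesis the vulnerable builder appends afterwards.
INJECTED_STATUS = "x') UNION SELECT user_login, user_pass FROM users WHERE ('1'='1"


def demo():
    """Exercise both handlers with a benign request and with the injected value."""
    conn = make_db()
    benign = ["published", "draft"]
    results = {
        "benign_vulnerable": list_posts_vulnerable(conn, benign),
        "benign_hardened": list_posts_hardened(conn, benign),
        # Vulnerable path: the UNION reads the users table instead of filtering posts.
        "injected_vulnerable": list_posts_vulnerable(conn, [INJECTED_STATUS]),
    }
    try:
        list_posts_hardened(conn, [INJECTED_STATUS])
        results["injected_hardened"] = "executed"
    except ValueError:
        # Hardened path: the value never reaches the database.
        results["injected_hardened"] = "rejected"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

Parameter binding alone is enough to stop the injection; the whitelist is belt-and-braces that also gives a clean error for malformed input. It does nothing for the CSRF half of the report: the admin form still needs a per-session anti-CSRF token checked server-side, otherwise an attacker can keep driving an administrator's browser through the handler even when the SQL it issues is safe.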

Vulnerable Products

b2evolution b2evolution 4.1.5

b2evolution b2evolution 4.1.4

b2evolution b2evolution 4.1.3

b2evolution b2evolution 4.1.2

b2evolution b2evolution

b2evolution b2evolution 4.1.1

b2evolution b2evolution 4.1.0

Exploits

Advisory ID: HTB23152
Product: b2evolution
Vendor: b2evolution Group
Vulnerable Version(s): 4.1.6 and probably prior
Tested Version: 4.1.6
Vendor Notification: April 10, 2013
Vendor Patch: April 29, 2013
Public Disclosure: May 1, 2013
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2013-2945
Risk Level: Medium
CVSSv2 Base Score: 5 ...

b2evolution version 4.1.6 suffers from remote SQL injection and cross-site request forgery vulnerabilities ...