CSRF Vulnerability in b2evolution Blogs/Admin.php Allows SQL Injection (CVE-2013-2945)

CVE-2013-7352 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-2945.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.