Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2013-7352
Last Modified 03 Apr 2014 11:36:02
Published 02 Apr 2014 02:55:21
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-7352

Summary

Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-2945.

Vulnerable Systems

Application

  • b2evolution 4.1.0
  • b2evolution 4.1.1
  • b2evolution 4.1.2
  • b2evolution 4.1.3
  • b2evolution 4.1.4
  • b2evolution 4.1.5
  • b2evolution 4.1.6

References

MISC - https://www.htbridge.com/advisory/HTB23152

MISC - http://packetstormsecurity.com/files/121481/b2evolution-4.1.6-SQL-Injection.html

OSVDB - 92906

MISC - http://b2evolution.net/news/2013/04/29/b2evolution-4-1-7-and-5-0-3

BUGTRAQ - 20130501 SQL Injection in b2evolution


Last Updated: 27 May 2016 11:04:51