mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-05 14:31:03 +00:00
804 B
804 B
CVE-2013-2945
Description
SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
POC
Reference
Github
No PoCs found on GitHub currently.