b2evolution Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2013-7352 - Vulnerability Database

b2evolution Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2013-7352

Medium

Reference: CVE-2013-7352

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2013-7352

Title: b2evolution Cross-Site Request Forgery (CSRF) Vulnerability

Overview:

Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses parameter related to CVE-2013-2945.