CVE-2013-2945

Published Apr 2, 2014

Last updated 3 months ago

CVSS info 6.5

Overview

Description: SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:b2evolution:b2evolution:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B95D379-00DA-41FA-BD90-7A298DC799FD",
            "versionEndIncluding": "4.1.6"
          },
          {
            "criteria": "cpe:2.3:a:b2evolution:b2evolution:4.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "744254C5-B523-4B8F-93B4-BE440F45D0FC"
          },
          {
            "criteria": "cpe:2.3:a:b2evolution:b2evolution:4.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5634AF1D-1F2F-41A0-8799-128FD246A55F"
          },
          {
            "criteria": "cpe:2.3:a:b2evolution:b2evolution:4.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD69355B-C450-46E8-B693-8AA3A44BD73C"
          },
          {
            "criteria": "cpe:2.3:a:b2evolution:b2evolution:4.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1C718A7-E2EB-4881-98D4-919A32C17DF4"
          },
          {
            "criteria": "cpe:2.3:a:b2evolution:b2evolution:4.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39CF7F8F-F078-413E-B36D-268703DC185B"
          },
          {
            "criteria": "cpe:2.3:a:b2evolution:b2evolution:4.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2F17ABF-1DBB-4C68-BB91-A1FC2F6AA0A6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References