Vulnerabilities > B2Evolution > B2Evolution > 4.1.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-04-02 | CVE-2013-7352 | Cross-Site Request Forgery (CSRF) vulnerability in B2Evolution Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-2945. | 6.8 |
| 2014-04-02 | CVE-2013-2945 | SQL Injection vulnerability in B2Evolution SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. | 6.5 |