|
Description
|
|
High-Tech Bridge SA has discovered a vulnerability in b2evolution, which can be exploited by malicious users to conduct SQL injection attacks.
Input passed via the "show_statuses[]" GET parameter to admin.php (when "ctrl" is set to "items", "tab" is set to "full", and "blog" is set to a valid blog ID) is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation requires the "restricted" or "normal" access to the administration area (granted to the "Bloggers" group by default) and the "View all blogs" permission (not granted to the "Bloggers" group by default).
The vulnerability is confirmed in version 4.1.6. Prior versions may also be affected.
|
