CVE-2021-28242

Beschreibung:
SQL Injection in the „evoadm.php“ component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the „cf_name“ parameter when creating a new filter under the „Collections“ tab.

CWE: CWE-77 CWE-400

CVSS-Bewertung
CVSS 2: MEDIUM – 6.5 (Version: 2.0)
CVSS 3: HIGH – 8.8 (Version: 3.1)

Links:

NVD – CVE-2021-28242
CVE – CVE-2021-28242

Link (max. 20) Quelle Tags
https://github.com/b2evolution/b2evolution/issues/109 MISC Issue Tracking Third Party Advisory Third Party Advisory
https://deadsh0t.medium.com/authenticated-boolean-based-blind-error-based-sql-injection-b752225f0644 MISC Exploit Patch Third Party Advisory Third Party Advisory
http://packetstormsecurity.com/files/162489/b2evolution-7-2-2-SQL-Injection.html MISC Third Party Advisory Third Party Advisory
FEDORA-2021-7ca24ddc86 FEDORA Third Party Advisory
FEDORA-2021-a963f04012 FEDORA
[oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets MLIST
[oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets MLIST
[oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets MLIST
[oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets MLIST
[kafka-commits] 20210506 [kafka] branch 2.7 updated: KAFKA-12752: Bump Jersey deps to 2.34 due to CVE-2021-28168 (#10636) MLIST
[kafka-jira] 20210506 [GitHub] [kafka] omkreddy commented on pull request #10641: KAFKA-12752: CVE-2021-28168 upgrade jersey to 2.34 or 3.02 MLIST
[kafka-dev] 20210506 [jira] [Resolved] (KAFKA-12752) CVE-2021-28168 upgrade jersey to 2.34 or 3.02 MLIST
[kafka-commits] 20210506 [kafka] branch 2.8 updated: KAFKA-12752: Bump Jersey deps to 2.34 due to CVE-2021-28168 (#10636) MLIST
[kafka-jira] 20210506 [jira] [Resolved] (KAFKA-12752) CVE-2021-28168 upgrade jersey to 2.34 or 3.02 MLIST
[kafka-jira] 20210506 [GitHub] [kafka] omkreddy merged pull request #10636: MINOR: Bump Jersey deps to 2.34 due to CVE-2021-28168 MLIST
[kafka-jira] 20210507 [GitHub] [kafka] dongjinleekr closed pull request #10641: KAFKA-12752: CVE-2021-28168 upgrade jersey to 2.34 or 3.02 MLIST
[kafka-jira] 20210507 [GitHub] [kafka] dongjinleekr commented on pull request #10641: KAFKA-12752: CVE-2021-28168 upgrade jersey to 2.34 or 3.02 MLIST

Quelle: NVD – CVE-2021-28242
Datum Veröffentlichung: 2021-04-15T14:15Z, Datum letzte Änderung: 2021-05-06T17:15Z