Statusnet · Statusnet · CVE-2013-4137
**Name of the Vulnerable Software and Affected Versions**
StatusNet versions 1.0 through 1.0.1
StatusNet version 1.1.0
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is possible via vectors related to user lists and a particular tag format.
**Recommendations**
For StatusNet versions 1.0 through 1.0.1, update to version 1.0.2 or later.
For StatusNet version 1.1.0, update to a version later than 1.1.0.