Vulnerabilities > CVE-2002-0734 - Remote Command Execution vulnerability in Michel Valdrighi B2 0.6Pre
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | B2 0.6 b2edit.showposts.php b2inc Parameter Remote File Inclusion. CVE-2002-0734 . Webapps exploit for php platform |
id | EDB-ID:21436 |
last seen | 2016-02-02 |
modified | 2002-05-06 |
published | 2002-05-06 |
reporter | Frank |
source | https://www.exploit-db.com/download/21436/ |
title | B2 0.6 b2edit.showposts.php b2inc Parameter Remote File Inclusion |