Back to search
CVE-2002-0734
Published: Apr 2, 2003
Modified: Aug 8, 2024
PUBLISHED
Description
b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://cafelog.com/
x_refsource_CONFIRM
4673
vdb-entry
x_refsource_BID
b2-b2inc-command-execution(9013)
vdb-entry
x_refsource_XF
20020506 b2 php remote command execution
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now