CVE-2002-2249 – News Evolution 1.0/2.0 - Include Undefined Variable Command Execution

https://notcve.org/view.php?id=CVE-2002-2249

PHP remote file inclusion vulnerability in News Evolution 2.0 allows remote attackers to execute arbitrary PHP commands via the neurl parameter to (1) backend.php, (2) screen.php, or (3) admin/modules/comment.php. • https://www.exploit-db.com/exploits/22048 http://marc.info/?l=bugtraq&m=103835200230127&w=2 http://www.securityfocus.com/bid/6260 https://exchange.xforce.ibmcloud.com/vulnerabilities/10709 • CWE-94: Improper Control of Generation of Code ('Code Injection') •