CVE-2007-2358
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple PHP remote file inclusion vulnerabilities in b2evolution allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_path parameter to (a) a_noskin.php, (b) a_stub.php, (c) admin.php, (d) contact.php, (e) default.php, (f) index.php, and (g) multiblogs.php in blogs/; the (2) view_path and (3) control_path parameters to blogs/admin.php; and the (4) skins_path parameter to (h) blogs/contact.php and (i) blogs/multiblogs.php. NOTE: this issue is disputed by CVE, since the inc_path, view_path, control_path, and skins_path variables are all initialized in conf/_advanced.php before they are used
** IMPUGNADA ** Múltiples vulnerabilidades de inclusión remota de archivo en PHP en b2evolution permiten a atacantes remotos ejecutar código PHP de su elección mediante un URL en el parámetro (1) inc_path de (a) a_noskin.php, (b) a_stub.php, (c) admin.php, (d) contact.php, (e) default.php, (f) index.php, y (g) multiblogs.php en blogs/; los parámetros (2) view_path y (3) control_path de blogs/admin.php; y el parámetro (4) skins_path de (h) blogs/contact.php y (i) blogs/multiblogs.php. NOTA: este problema está impugnado por CVE, puesto que las variables inc_path, view_path, control_path, y skins_path se inicializan todas en conf/_advanced.php antes de ser utilizadas.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-04-30 CVE Reserved
- 2007-04-30 CVE Published
- 2024-03-03 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://attrition.org/pipermail/vim/2007-April/001566.html | Mailing List | |
http://osvdb.org/35609 | Vdb Entry | |
http://www.osvdb.org/34152 | Vdb Entry | |
http://www.securityfocus.com/archive/1/466886/100/0/threaded | Mailing List | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/33907 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
B2evolution Search vendor "B2evolution" | B2evolution Search vendor "B2evolution" for product "B2evolution" | * | - |
Affected
|