Arbitrary PHP Code Execution in b2edit.showposts.php

Arbitrary PHP Code Execution in b2edit.showposts.php

CVE-2002-0734 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server.

Learn more about our Cis Benchmark Audit For Server Software.