Arbitrary PHP Code Execution in b2edit.showposts.php
CVE-2002-0734 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server.
Learn more about our Cis Benchmark Audit For Server Software.