Vulnerability Description
b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Michel Valdrighi | B2 | 0.6_pre |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-05/0027.htmlExploitPatchVendor Advisory
- http://cafelog.com/Vendor Advisory
- http://www.iss.net/security_center/static/9013.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/4673ExploitPatchVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2002-05/0027.htmlExploitPatchVendor Advisory
- http://cafelog.com/Vendor Advisory
- http://www.iss.net/security_center/static/9013.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/4673ExploitPatchVendor Advisory
FAQ
What is CVE-2002-0734?
CVE-2002-0734 is a vulnerability with a CVSS score of 7.5 (HIGH). b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets th...
How severe is CVE-2002-0734?
CVE-2002-0734 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0734?
Check the references section above for vendor advisories and patch information. Affected products include: Michel Valdrighi B2.