← back
CVE-2002-0734

CVE-2002-0734

EPSS 7.0%
b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/21436unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://archives.neohapsis.com/archives/bugtraq/2002-05/0027.htmlhttp://cafelog.com/http://www.iss.net/security_center/static/9013.phphttp://www.securityfocus.com/bid/4673