Описание
Directory traversal vulnerability in blogs/index.php in b2evolution 1.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the core_subdir parameter.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| b2evolution | unfixed | package |
Примечания
This is a register_globals=on issue.
More than just blogs/index.php is affected (that file isn't
installed by the Debian package).
Связанные уязвимости
nvd
больше 18 лет назад
Directory traversal vulnerability in blogs/index.php in b2evolution 1.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the core_subdir parameter.
github
больше 3 лет назад
Directory traversal vulnerability in blogs/index.php in b2evolution 1.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the core_subdir parameter.