CVE-2007-2290 Information

Description

Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.php (2) b2categories.php or (3) b2mail.php. NOTE: this may overlap CVE-2002-1466.

Reference

http://osvdb.org/35550 http://osvdb.org/35551 http://osvdb.org/35552 http://securityreason.com/securityalert/2632 http://www.securityfocus.com/archive/1/466860/100/0/threaded http://www.securityfocus.com/bid/23659 https://exchange.xforce.ibmcloud.com/vulnerabilities/33884