CVE-2007-2358 Information

Description

LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks DISPUTED LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks Multiple PHP remote file inclusion vulnerabilities in b2evolution allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_path parameter to (a) a_noskin.php (b) a_stub.php (c) admin.php (d) contact.php (e) default.php (f) index.php and (g) multiblogs.php in blogs/; the (2) view_path and (3) control_path parameters to blogs/admin.php; and the (4) skins_path parameter to (h) blogs/contact.php and (i) blogs/multiblogs.php. NOTE: this issue is disputed by CVE since the inc_path view_path control_path and skins_path variables are all initialized in conf/_advanced.php before they are used.

Reference

http://attrition.org/pipermail/vim/2007-April/001566.html http://osvdb.org/35609 http://www.osvdb.org/34152 http://www.securityfocus.com/archive/1/466886/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/33907