Description

PHP remote file inclusion vulnerability in inc/CONTROL/import/import-mt.php in b2evolution 1.8.5 through 1.9 beta allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.

Remediation

References

CVE-2006-6417

Related Vulnerabilities

WordPress Plugin Phoenix Media Rename Security Bypass (3.4.2)

RubyGems Improper Input Validation Vulnerability (CVE-2017-0901)

WordPress Plugin zeList Directory Cross-Site Scripting (0.5.11.07)

MySQL CVE-2017-10165 Vulnerability (CVE-2017-10165)

WordPress Plugin Quick Buy For Woocommerce Arbitrary File Disclosure (2.0)

Severity

High

Classification

CVE-2006-6417

Tags

Missing Update Known Vulnerabilities