Description

PHP remote file inclusion vulnerability in inc/CONTROL/import/import-mt.php in b2evolution 1.8.5 through 1.9 beta allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.

Remediation

References

CVE-2006-6417

Related Vulnerabilities

Oracle Application Server Other Vulnerability (CVE-2002-0564)

Joomla Improper Access Control Vulnerability (CVE-2016-9836)

ASP.NET MVC Improper Input Validation Vulnerability (CVE-2017-0256)

WordPress Plugin simple sort&search Cross-Site Scripting (0.0.3)

WordPress Plugin Events Calendar 'ec_management.class.php' Cross-Site Scripting (6.7.11)

Severity

High

Classification

CVE-2006-6417

Tags

Missing Update Known Vulnerabilities