Description

Directory traversal vulnerability in blogs/index.php in b2evolution 1.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the core_subdir parameter.

Remediation

References

CVE-2007-2681

Related Vulnerabilities

Python Incorrect Conversion between Numeric Types Vulnerability (CVE-2008-1721)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-17531)

Oracle Database Server CVE-2007-2117 Vulnerability (CVE-2007-2117)

WordPress Plugin HTML5 Video Player-Best WordPress Video Player and Block Cross-Site Scripting (2.5.18)

WordPress Plugin Coming Soon & Maintenance Mode Page Cross-Site Request Forgery (1.57)

Severity

High

Classification

CVE-2007-2681

Tags

Missing Update Known Vulnerabilities