Description

Directory traversal vulnerability in blogs/index.php in b2evolution 1.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the core_subdir parameter.

Remediation

References

CVE-2007-2681

Related Vulnerabilities

WordPress Plugin Filter & Grids Local File Inclusion (2.8.32)

WordPress Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-2745)

WordPress Plugin TAuto Poster includes Backdoor [Only if downloaded via the vendor website] (1.4.5)

WordPress Plugin Tickera-WordPress Event Ticketing Security Bypass (3.4.9.1)

WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Unspecified Vulnerability (2.6.4)

Severity

High

Classification

CVE-2007-2681

Tags

Missing Update Known Vulnerabilities