CVE-2007-2358

Name of the Vulnerable Software and Affected Versions b2evolution (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in several parameters, including the inc path parameter to various PHP files in the blogs directory, the view path and control path parameters to blogs/admin.php, and the skins path parameter to blogs/contact.php and blogs/multiblogs.php. However, it is noted that the inc path, view path, control path, and skins path variables are initialized in conf/ advanced.php before they are used, which disputes the severity of this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.