Description

PHP remote file inclusion vulnerability in inc/CONTROL/import/import-mt.php in b2evolution 1.8.5 through 1.9 beta allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.

Remediation

References

CVE-2006-6417

Related Vulnerabilities

WordPress Plugin Check & Log Email Cross-Site Scripting (0.3)

Jenkins Missing Release of Resource after Effective Lifetime Vulnerability (CVE-2018-1999043)

WordPress Plugin Mailster-Email Newsletter for WordPress Local File Inclusion (4.0.6)

WordPress Plugin Easy Forms for MailChimp Local File Inclusion (6.0.5.5)

phpMyAdmin Other Vulnerability (CVE-2006-5116)

Severity

High

Classification

CVE-2006-6417

Tags

Missing Update Known Vulnerabilities