CVE-2007-2290 - Vulnerability Details - OpenCVE

Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.php, (2) b2categories.php, or (3) b2mail.php. NOTE: this may overlap CVE-2002-1466.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cafelog	B2

Configuration 1 [-]

cpe:2.3:a:cafelog:b2:0.6.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/35550
http://osvdb.org/35551
http://osvdb.org/35552
http://securityreason.com/securityalert/2632
http://www.securityfocus.com/archive/1/466860/100/0/threaded
http://www.securityfocus.com/bid/23659
https://exchange.xforce.ibmcloud.com/vulnerabilities/33884

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-26T19:00:00

Updated: 2024-08-07T13:33:28.555Z

Reserved: 2007-04-26T00:00:00

Link: CVE-2007-2290

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-04-26T19:19:00.000

Modified: 2024-11-21T00:30:24.910

Link: CVE-2007-2290

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-25T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.php, (2) b2categories.php, or (3) b2mail.php. NOTE: this may overlap CVE-2002-1466."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "35550", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35550"}, {"name": "20070425 B2 Weblog and News Publishing Tool v0.6.1 >> RFI", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/466860/100/0/threaded"}, {"name": "23659", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23659"}, {"name": "2632", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2632"}, {"name": "35551", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35551"}, {"name": "35552", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35552"}, {"name": "b2-b2inc-file-include(33884)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33884"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2290", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.php, (2) b2categories.php, or (3) b2mail.php. NOTE: this may overlap CVE-2002-1466."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "35550", "refsource": "OSVDB", "url": "http://osvdb.org/35550"}, {"name": "20070425 B2 Weblog and News Publishing Tool v0.6.1 >> RFI", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/466860/100/0/threaded"}, {"name": "23659", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23659"}, {"name": "2632", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2632"}, {"name": "35551", "refsource": "OSVDB", "url": "http://osvdb.org/35551"}, {"name": "35552", "refsource": "OSVDB", "url": "http://osvdb.org/35552"}, {"name": "b2-b2inc-file-include(33884)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33884"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:33:28.555Z"}, "title": "CVE Program Container", "references": [{"name": "35550", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35550"}, {"name": "20070425 B2 Weblog and News Publishing Tool v0.6.1 >> RFI", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/466860/100/0/threaded"}, {"name": "23659", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23659"}, {"name": "2632", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2632"}, {"name": "35551", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35551"}, {"name": "35552", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35552"}, {"name": "b2-b2inc-file-include(33884)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33884"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2290", "datePublished": "2007-04-26T19:00:00", "dateReserved": "2007-04-26T00:00:00", "dateUpdated": "2024-08-07T13:33:28.555Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cafelog:b2:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "246847D0-C599-43E1-A9BA-2DB7CBEEBBC7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.php, (2) b2categories.php, or (3) b2mail.php. NOTE: this may overlap CVE-2002-1466."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inclusi\u00f3n remota de archivo en PHP en B2 Weblog y News Publishing Tool 0.6.1 permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s de una URL en el par\u00e1metro b2inc en (1) b2archives.php, (2) b2categories.php, o (3) b2mail.php. NOTA: esto podr\u00eda estar solapado con CVE-2002-1466."}], "id": "CVE-2007-2290", "lastModified": "2024-11-21T00:30:24.910", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-26T19:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/35550"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35551"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35552"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2632"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/466860/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23659"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33884"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35550"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35551"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35552"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2632"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/466860/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23659"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33884"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}