4 matches found
CVE-2007-2290
CVE-2007-2290 affects B2 Weblog and News Publishing Tool 0.6.1. It describes multiple PHP remote file inclusion vulnerabilities that allow remote attackers to execute arbitrary PHP code by supplying a URL in the b2inc parameter to one of three scripts: b2archives.php, b2categories.php, or b2mail....
CVE-2002-1466
The CVE-2002-1466 entry affects CafeLog b2 Weblog Tool 2.06pre4 when allow_fopen_url is enabled. The vulnerability allows remote attackers to execute arbitrary PHP code via the b2inc variable, enabling full compromise of affected installations. The root cause is the ability to reference or includ...
CVE-2002-1465
The CVE-2002-1465 entry describes an SQL injection in CafeLog b2 Weblog Tool, exploitable remotely through the tablehosts parameter. The affected component is a web-based weblog tool; the underlying issue is improper input handling that allows arbitrary SQL execution. Impact is partial confidenti...
CVE-2002-1464
CVE-2002-1464 describes a cross-site scripting (XSS) vulnerability in the CafeLog b2 Weblog Tool. The affected component is the CafeLog b2 Weblog Tool, and the root cause is improper handling of user-supplied data in the GPC variable, enabling remote attackers to inject arbitrary HTML or script. ...