MidnightBSD

Advisories for php_evolution

CVE-2002-2249 HIGH

PHP remote file inclusion vulnerability in News Evolution 2.0 allows remote attackers to execute arbitrary PHP commands via the neurl parameter to (1) backend.php, (2) screen.php, or (3) admin/modules/comment.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
php_evolution news_evolution 2.0
php_evolution news_evolution 1.0