b2evolution Other Vulnerability - CVE-2007-2358

DISPUTED Multiple PHP remote file inclusion vulnerabilities in b2evolution allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_path parameter to (a) a_noskin.php (b) a_stub.php (c) admin.php (d) contact.php (e) default.php (f) index.php and (g) multiblogs.php in blogs/ the (2) view_path and (3) control_path parameters to blogs/admin.php and the (4) skins_path parameter to (h) blogs/contact.php and (i) blogs/multiblogs.php. NOTE: this issue is disputed by CVE since the inc_path view_path control_path and skins_path variables are all initialized in conf/_advanced.php before they are used.