PT-2003-1182 · Achievo · Achievo
Publicado
2003-04-11
·
Atualizado
2008-09-05
·
CVE-2002-1435
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Achievo versions 0.7.0 through 0.9.1, except version 0.8.2
Description
The issue allows remote attackers to execute arbitrary PHP code when the 'allow url fopen' setting is enabled. This is achieved via a URL in the
config atkroot parameter that points to the code.Recommendations
For Achievo versions 0.7.0 through 0.9.1, except version 0.8.2, consider disabling the
allow url fopen setting to prevent exploitation. Additionally, restrict access to the config atkroot parameter to minimize the risk of arbitrary PHP code execution.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Achievo