PT-2003-1182 · Achievo · Achievo

Published

2003-04-11

Updated

2008-09-05

CVE-2002-1435

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Achievo versions 0.7.0 through 0.9.1, except version 0.8.2

Description The issue allows remote attackers to execute arbitrary PHP code when the 'allow url fopen' setting is enabled. This is achieved via a URL in the config atkroot parameter that points to the code.

Recommendations For Achievo versions 0.7.0 through 0.9.1, except version 0.8.2, consider disabling the allow url fopen setting to prevent exploitation. Additionally, restrict access to the config atkroot parameter to minimize the risk of arbitrary PHP code execution.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-1435

Affected Products

Achievo

PT-2003-1182 · Achievo · Achievo

CVE-2002-1435

Related Identifiers

Affected Products

References · 6