Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2002-1435
Last Modified 05 Sep 2008 04:30:35
Published 11 Apr 2003 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1435

Summary

class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code, when the 'allow_url_fopen' setting is enabled, via a URL in the config_atkroot parameter that points to the code.

Vulnerable Systems

Application

  • Achievo 0.7.0

  • Achievo 0.7.1

  • Achievo 0.7.2

  • Achievo 0.7.3

  • Achievo 0.8.0

  • Achievo 0.8.0 Rc1

  • Achievo 0.8.0 Rc2

  • Achievo 0.8.1

  • Achievo 0.9.0

  • Achievo 0.9.1


References

BID - 5552

XF - achievo-php-execute-code(9947)

BUGTRAQ - 20020822 Arbitrary code execution problem in Achievo

CONFIRM - http://www.achievo.org/lists/2002/Aug/msg00092.html


Last Updated: 27 May 2016 10:37:20