PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| A_ux | Apple | * | * |
| Mac_os_x | Apple | * | * |
| Hp-ux | Hp | * | * |
| Tru64 | Hp | * | * |
| Os2 | Ibm | * | * |
| Linux_kernel | Linux | * | * |
| Windows_2000 | Microsoft | * | * |
| Windows_2003_server | Microsoft | * | * |
| Windows_95 | Microsoft | * | * |
| Windows_98 | Microsoft | * | * |
| Windows_98se | Microsoft | * | * |
| Windows_me | Microsoft | * | * |
| Windows_nt | Microsoft | 4.0 (including) | 4.0 (including) |
| Windows_xp | Microsoft | * | * |
| Sco_unix | Santa_cruz_operation | * | * |
| Solaris | Sun | * | * |
| Bsdos | Windriver | * | * |
References
- http://osvdb.org/37919
- http://www.securityfocus.com/bid/23992
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34305
- https://www.exploit-db.com/exploits/3928
- http://osvdb.org/37919
- http://www.securityfocus.com/bid/23992
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34305
- https://www.exploit-db.com/exploits/3928