Vulnerability Description
class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter that points to the code, when the 'allow_url_fopen' setting is enabled.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Achievo | Achievo | 0.7.0 |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-08/0235.html (Exploit, Patch, Vendor Advisory)
- http://www.achievo.org/lists/2002/Aug/msg00092.html
- http://www.iss.net/security_center/static/9947.php (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/5552 (Exploit, Patch, Vendor Advisory)
FAQ
What is CVE-2002-1435?
CVE-2002-1435 is a vulnerability with a CVSS score of 7.5 (HIGH). class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_...
How severe is CVE-2002-1435?
CVE-2002-1435 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2002-1435?
Check the references section above for vendor advisories and patch information. Affected products include: Achievo Achievo.