CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2002-1435

class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.058

EPSS Ranking 90.0%

CVSS Severity

CVSS v2 Score 7.5

References

Products affected by CVE-2002-1435

Achievo » Achievo » Version: 0.7.0

cpe:2.3:a:achievo:achievo:0.7.0
Achievo » Achievo » Version: 0.7.1

cpe:2.3:a:achievo:achievo:0.7.1
Achievo » Achievo » Version: 0.7.2

cpe:2.3:a:achievo:achievo:0.7.2
Achievo » Achievo » Version: 0.7.3

cpe:2.3:a:achievo:achievo:0.7.3
Achievo » Achievo » Version: 0.8.0

cpe:2.3:a:achievo:achievo:0.8.0
Achievo » Achievo » Version: 0.8.0_rc1

cpe:2.3:a:achievo:achievo:0.8.0_rc1
Achievo » Achievo » Version: 0.8.0_rc2

cpe:2.3:a:achievo:achievo:0.8.0_rc2
Achievo » Achievo » Version: 0.8.1

cpe:2.3:a:achievo:achievo:0.8.1
Achievo » Achievo » Version: 0.9.0

cpe:2.3:a:achievo:achievo:0.9.0
Achievo » Achievo » Version: 0.9.1

cpe:2.3:a:achievo:achievo:0.9.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2002-1435

Products

Pricing

Contact Us