Description
PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
Exploits (1)
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1023017
Exploit x_refsource_misc
http://packetstormsecurity.org/0909-exploits/achievo134-rfi.txt
Not Applicable x_refsource_confirm
http://www.achievo.org/download/releasenotes/1_4_0
Scores
EPSS
0.0291
EPSS Percentile
86.4%
Details
CWE
CWE-94
Status
published
Products (21)
achievo/achievo
0.7.0
achievo/achievo
0.7.1
achievo/achievo
0.7.2
achievo/achievo
0.7.3
achievo/achievo
0.8.0 (3 CPE variants)
achievo/achievo
0.8.1
achievo/achievo
0.9.0
achievo/achievo
0.9.1
achievo/achievo
1.0.0 (4 CPE variants)
achievo/achievo
1.0.1
... and 11 more
Published
Oct 16, 2009
Tracked Since
Feb 18, 2026