class.atkdateattribute.js.php in Achievo 0.7.0 up to and including 0.9.1, except 0.8.2, allows remote malicious users to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
achievo achievo 0.9.0 |
||
achievo achievo 0.9.1 |
||
achievo achievo 0.8.0_rc1 |
||
achievo achievo 0.8.1 |
||
achievo achievo 0.7.0 |
||
achievo achievo 0.7.1 |
||
achievo achievo 0.7.2 |
||
achievo achievo 0.7.3 |
||
achievo achievo 0.8.0 |
||
achievo achievo 0.8.0_rc2 |