fkie_nvd - fkie_cve-2009-3705

fkie_cve-2009-3705

Vulnerability from fkie_nvd

Published

2009-10-16 16:30

Modified

2025-04-09 00:30

Severity ?

Summary

PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.org/0909-exploits/achievo134-rfi.txt	Exploit
cve@mitre.org	http://securitytracker.com/id?1023017	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.achievo.org/download/releasenotes/1_4_0	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.org/0909-exploits/achievo134-rfi.txt	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1023017	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.achievo.org/download/releasenotes/1_4_0	Not Applicable

Impacted products

Vendor	Product	Version
achievo	achievo	*
achievo	achievo	0.7.0
achievo	achievo	0.7.1
achievo	achievo	0.7.2
achievo	achievo	0.7.3
achievo	achievo	0.8.0
achievo	achievo	0.8.0
achievo	achievo	0.8.0
achievo	achievo	0.8.1
achievo	achievo	0.9.0
achievo	achievo	0.9.1
achievo	achievo	1.0.0
achievo	achievo	1.0.0
achievo	achievo	1.0.0
achievo	achievo	1.0.0
achievo	achievo	1.0.1
achievo	achievo	1.0.2
achievo	achievo	1.0.3
achievo	achievo	1.0.4
achievo	achievo	1.1.0
achievo	achievo	1.1.0
achievo	achievo	1.1.0
achievo	achievo	1.1.0
achievo	achievo	1.2.0
achievo	achievo	1.2.0
achievo	achievo	1.2.1
achievo	achievo	1.3.0
achievo	achievo	1.3.0
achievo	achievo	1.3.0
achievo	achievo	1.3.1
achievo	achievo	1.3.2
achievo	achievo	1.3.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:achievo:achievo:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF54DB83-0DA5-41B7-89C0-AED8BFB98412",
              "versionEndIncluding": "1.3.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51E5D3DE-9D27-47B8-AEBE-0A0100389D65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "819F0D23-FA81-4558-9F33-B48749269FE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3EB2D06-61A0-4000-8C04-FAA86C1F6CD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDAF7860-994A-4566-926D-5194FC970F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AC2E5B0-F4F0-4DFE-A4F6-3F3429B0AC48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:0.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FCC5B27A-4A90-4F8D-A008-21F26907A1AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:0.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9FB73C9C-88A3-4102-9F25-C8EDF8D44B0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF133D4-427D-46DD-95F5-88E3AC9EEB60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "93DC3C06-2069-436B-BB29-5EAA412FF165",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFFF94E2-9071-408A-AAEA-6ABDCDD1CDDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6519E24E-D08B-4176-A21D-6231567CF149",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FC0F696B-60E7-4560-A03D-627993F77279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5639EDD0-DA0B-419E-9DDE-746C1B2AF8C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9FDAF1F0-7498-4F64-B0E4-9542DA7BAEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C37FD450-1AF0-4DBF-BECB-73F584F49BDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "356CC90D-9078-4943-B97C-4BEA3CBF1EF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A3DFF52-2035-43D3-935D-EE6A122A59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4BF2551-8009-40BB-9541-3885C8D93B1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5D5AEF1-38CE-4B89-A15A-89D9BF3BEA55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "804AC3CE-270F-47EC-B501-75B296A99424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "59B2745F-D0AA-426B-AA95-C2F0D2AA1774",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "00D07959-FE90-4907-9BAE-7C72DFD0D3F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8633CE2A-7814-4963-BB65-B4499BBA5186",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B82CEEC2-19AF-4175-A0E4-0F97F875B192",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B9C0B0D-5E4A-45BD-9150-90FC615357EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B835A00C-FFEA-4A88-ABD3-1C17A2FDC96F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9FCA1AFB-11FC-4484-937C-0160C10B21F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "3BF4DC9F-E62B-470F-AD63-818554544769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "951EC99D-4FFB-4388-AAF0-84A60A67AC3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D901628D-D446-45EE-B131-EAA04D48A352",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "119EB712-D1E9-4AFC-A9C2-D33E1FE10F38",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de subida de archivos sin restricci\u00f3n en debugger.php en Achievo anterior a v1.4.0 permite a atacantes remotos ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de una URL en el par\u00e1metro config_atkroot."
    }
  ],
  "id": "CVE-2009-3705",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-10-16T16:30:00.860",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.org/0909-exploits/achievo134-rfi.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1023017"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://www.achievo.org/download/releasenotes/1_4_0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.org/0909-exploits/achievo134-rfi.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1023017"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://www.achievo.org/download/releasenotes/1_4_0"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2009-3705 (GCVE-0-2009-3705)

Vulnerability from cvelistv5

Published

2009-10-16 16:00