CVE-2008-2742

Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
Configurations

Configuration 1

cpe:2.3:a:achievo:achievo:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:achievo:achievo:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:achievo:achievo:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:achievo:achievo:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:achievo:achievo:1.3.0:*:*:*:*:*:*:*

Information

Published : 2008-06-17 03:41

Updated : 2017-09-29 01:31


NVD link : CVE-2008-2742

Mitre link : CVE-2008-2742

Products Affected
No products.
CWE