Vulnerability Details : CVE-2007-2736

PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.

Vulnerability category: File inclusion

Published 2007-05-17 19:30:00

Updated 2017-10-11 01:32:22

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2007-2736

Probability of exploitation activity in the next 30 days: 6.87%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 93 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-2736

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	nvd@nist.gov
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2007-2736

Products affected by CVE-2007-2736

Achievo » Achievo » Version: 1.1.0
cpe:2.3:a:achievo:achievo:1.1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » A Ux
When used together with: Apple » Mac Os X
When used together with: HP » Hp-ux
When used together with: HP » Tru64
When used together with: IBM » OS2
When used together with: Linux » Linux Kernel
When used together with: Microsoft » Windows 2000
When used together with: Microsoft » Windows 2003 Server
When used together with: Microsoft » Windows 95
When used together with: Microsoft » Windows 98 » Update Gold
When used together with: Microsoft » Windows 98se
When used together with: Microsoft » Windows Me
When used together with: Microsoft » Windows Nt » Version: 4.0
When used together with: Microsoft » Windows Xp
When used together with: Santa Cruz Operation » Sco Unix
When used together with: SUN » Solaris
When used together with: Windriver » Bsdos