• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Achievo Remote File Include Command Execution Vulnerability

Solution:
Exploitation of this and other remote file include issues may be limited by disabling both 'allow_url_fopen' and 'register_globals' in the local site PHP configuration.

The vendor has made fixes available for stable releases of the software. Fixes for development releases will also be reportedly made available.


Achieva Achieva 0.8 .0

• Achievo achievo-stable-0.8.2.tar.gz
  http://ftp.achievo.org/pub/achievo/achievo-stable-0.8.2.tar.gz

Achieva Achieva 0.8 .0 RC2

• Achievo achievo-stable-0.8.2.tar.gz
  http://ftp.achievo.org/pub/achievo/achievo-stable-0.8.2.tar.gz

Achieva Achieva 0.8 .0 RC1

• Achievo achievo-stable-0.8.2.tar.gz
  http://ftp.achievo.org/pub/achievo/achievo-stable-0.8.2.tar.gz

Achieva Achieva 0.8.1

• Achievo achievo-stable-0.8.2.tar.gz
  http://ftp.achievo.org/pub/achievo/achievo-stable-0.8.2.tar.gz