{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-15T20:16:46.113291Z","vulnerabilities":[{"cve":{"id":"CVE-2008-2742","sourceIdentifier":"cve@mitre.org","published":"2008-06-17T15:41:00.000","lastModified":"2025-04-09T00:30:58.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory.  NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled."},{"lang":"es","value":"Vulnerabilidad de subida de fichero no restringido en el editor de ficheros mcpuk (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) en Achievo 1.2.0 hasta 1.3.2, permite a atacantes remotos ejecutar código de su elección al subir un fichero con .php seguido de una extensión segura y luego accediendo a él mediante una solicitud directa al fichero del directorio raíz de Achievo. NOTA: Se trata sólo es una vulnerabilidad en entornos que soportan múltiples extensiones como Apache con el módulo mod_mime habilitado."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:achievo:achievo:1.2.0:*:*:*:*:*:*:*","matchCriteriaId":"8633CE2A-7814-4963-BB65-B4499BBA5186"},{"vulnerable":true,"criteria":"cpe:2.3:a:achievo:achievo:1.2.1:*:*:*:*:*:*:*","matchCriteriaId":"1B9C0B0D-5E4A-45BD-9150-90FC615357EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:achievo:achievo:1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"B835A00C-FFEA-4A88-ABD3-1C17A2FDC96F"},{"vulnerable":true,"criteria":"cpe:2.3:a:achievo:achievo:1.3.1:*:*:*:*:*:*:*","matchCriteriaId":"951EC99D-4FFB-4388-AAF0-84A60A67AC3B"},{"vulnerable":true,"criteria":"cpe:2.3:a:achievo:achievo:1.3.2:*:*:*:*:*:*:*","matchCriteriaId":"D901628D-D446-45EE-B131-EAA04D48A352"}]}]}],"references":[{"url":"http://secunia.com/advisories/30597","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.achievo.org/blog/archives/631-Achievo-1.3.3-Security-Release.html","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/29621","source":"cve@mitre.org"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/42980","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/5770","source":"cve@mitre.org"},{"url":"http://secunia.com/advisories/30597","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.achievo.org/blog/archives/631-Achievo-1.3.3-Security-Release.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/29621","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/42980","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/5770","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}