Unrated severityNVD Advisory· Published Jun 17, 2008· Updated Jun 16, 2026
CVE-2008-2742
CVE-2008-2742
Description
Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:2.3:a:achievo:achievo:1.2.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:achievo:achievo:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:achievo:achievo:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:achievo:achievo:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:achievo:achievo:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:achievo:achievo:1.3.2:*:*:*:*:*:*:*
- (no CPE)range: 1.2.0 - 1.3.2
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.