CVE-2011-3697

CVE Database · CVE-2011-3697

CVE-2011-3697

· N/AModified

CVSS v3.1

N/A

EPSS

1.33%

Published

Sep 23, 2011

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraph_radar.php and certain other files.

Weaknesses (CWE)

CWE-200

Affected Products (1)

achievo · achievovulnerable

References (6)

http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README

http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/achievo-1.4.5

Exploit

http://www.openwall.com/lists/oss-security/2011/06/27/6

http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README

http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/achievo-1.4.5

Exploit

http://www.openwall.com/lists/oss-security/2011/06/27/6

KEV Catalog EPSS Scores Vendors All CVEs