Achievo

Achievo

12 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2012-5865

Exploit
  • EPSS 1.01%
  • Published 20.10.2014 15:55:04
  • Last modified 12.04.2025 10:46:40

SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action.

4.3

CVE-2012-5866

Exploit
  • EPSS 0.37%
  • Published 20.10.2014 15:55:04
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter.

5

CVE-2011-3697

Exploit
  • EPSS 0.28%
  • Published 23.09.2011 23:55:01
  • Last modified 11.04.2025 00:51:21

Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraph_radar.php and certain other files.

4.3

CVE-2009-2733

Exploit
  • EPSS 2.76%
  • Published 16.10.2009 16:30:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Achievo before 1.4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the scheduler title in the scheduler module, and the (2) atksearch[contractnumber], (3) atksearch_AE_cus...

7.5

CVE-2009-2734

Exploit
  • EPSS 0.9%
  • Published 16.10.2009 16:30:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php.

7.5

CVE-2009-3705

Exploit
  • EPSS 1%
  • Published 16.10.2009 16:30:00
  • Last modified 09.04.2025 00:30:58

PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.

4.3

CVE-2008-6034

  • EPSS 0.17%
  • Published 03.02.2009 11:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the atkaction parameter. NOTE: the provenance of this information is unknown; the details are obtained solel...

4.3

CVE-2008-6035

Exploit
  • EPSS 0.25%
  • Published 03.02.2009 11:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2-STABLE allows remote attackers to inject arbitrary web script or HTML via the atknodetype parameter.

7.5

CVE-2008-2742

  • EPSS 1.09%
  • Published 17.06.2008 15:41:00
  • Last modified 09.04.2025 00:30:58

Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed ...

10

CVE-2007-2736

  • EPSS 2.98%
  • Published 17.05.2007 19:30:00
  • Last modified 09.04.2025 00:30:58

PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.