Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.4
CVE-2006-2688
- EPSS 0.5%
- Published 31.05.2006 10:06:00
- Last modified 03.04.2025 01:03:51
SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter.
7.5
CVE-2002-1435
- EPSS 5.77%
- Published 11.04.2003 04:00:00
- Last modified 03.04.2025 01:03:51
class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code.