Achievo

Achievo

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2012-5865

Exploit
  • EPSS 1.01%
  • Veröffentlicht 20.10.2014 15:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action.

4.3

CVE-2012-5866

Exploit
  • EPSS 0.37%
  • Veröffentlicht 20.10.2014 15:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter.

5

CVE-2011-3697

Exploit
  • EPSS 0.28%
  • Veröffentlicht 23.09.2011 23:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraph_radar.php and certain other files.

4.3

CVE-2009-2733

Exploit
  • EPSS 2.76%
  • Veröffentlicht 16.10.2009 16:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Achievo before 1.4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the scheduler title in the scheduler module, and the (2) atksearch[contractnumber], (3) atksearch_AE_cus...

7.5

CVE-2009-2734

Exploit
  • EPSS 0.9%
  • Veröffentlicht 16.10.2009 16:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php.

7.5

CVE-2009-3705

Exploit
  • EPSS 1%
  • Veröffentlicht 16.10.2009 16:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.

4.3

CVE-2008-6034

  • EPSS 0.17%
  • Veröffentlicht 03.02.2009 11:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the atkaction parameter. NOTE: the provenance of this information is unknown; the details are obtained solel...

4.3

CVE-2008-6035

Exploit
  • EPSS 0.25%
  • Veröffentlicht 03.02.2009 11:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2-STABLE allows remote attackers to inject arbitrary web script or HTML via the atknodetype parameter.

7.5

CVE-2008-2742

  • EPSS 1.09%
  • Veröffentlicht 17.06.2008 15:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed ...

10

CVE-2007-2736

  • EPSS 2.98%
  • Veröffentlicht 17.05.2007 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.