CVE Tools

achievo

Enterprise Softwareunknown

12

Cumulative CVEs

8

Monthly snapshots

#21

Peak rank

Top products

Latest CVEs

The 12 most recently published vulnerabilities affecting achievo.

CVE-2012-5866Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter.4.3Oct 20, 2014
CVE-2012-5865SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action.6.5Oct 20, 2014
CVE-2011-3697Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/...5.0Sep 23, 2011
CVE-2009-3705PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.7.5Oct 16, 2009
CVE-2009-2734SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_...7.5Oct 16, 2009
CVE-2009-2733Multiple cross-site scripting (XSS) vulnerabilities in Achievo before 1.4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the scheduler title in the scheduler module, and th...4.3Oct 16, 2009
CVE-2008-6035Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2-STABLE allows remote attackers to inject arbitrary web script or HTML via the atknodetype parameter.4.3Feb 3, 2009
CVE-2008-6034Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the atkaction parameter. NOTE: the provenance of this i...4.3Feb 3, 2009
CVE-2008-2742Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute a...7.5Jun 17, 2008
CVE-2007-2736PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.10.0May 17, 2007
CVE-2006-2688SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector...6.4May 31, 2006
CVE-2002-1435class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the conf...7.5Sep 1, 2004