Achievo 0.7.0

CPE Details

Achievo 0.7.0
achievo
achievo
0.7.0
2021-04-05
17h45 +00:00
2021-04-09
11h30 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:achievo:achievo:0.7.0:*:*:*:*:*:*:*

Informations

Vendor

achievo

Product

achievo

Version

0.7.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2009-3705 2009-10-16 16h00 +00:00 PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
7.5
CVE-2009-2733 2009-10-16 14h00 +00:00 Multiple cross-site scripting (XSS) vulnerabilities in Achievo before 1.4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the scheduler title in the scheduler module, and the (2) atksearch[contractnumber], (3) atksearch_AE_customer[customer], (4) atksearchmode[contracttype], and possibly (5) atksearch[contractname] parameters to the Organization Contracts administration page, reachable through dispatch.php.
4.3
CVE-2009-2734 2009-10-16 14h00 +00:00 SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php.
7.5
CVE-2002-1435 2004-09-01 02h00 +00:00 class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code.
7.5