Achievo 1.1.0 Release Candidate 1

CPE Details

Achievo 1.1.0 Release Candidate 1
achievo
achievo
1.1.0
2021-04-05
17h45 +00:00
2021-04-09
11h30 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:achievo:achievo:1.1.0:rc1:*:*:*:*:*:*

Informations

Vendor

achievo

Product

achievo

Version

1.1.0

Update

rc1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2009-3705 2009-10-16 16h00 +00:00 PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
7.5
CVE-2009-2733 2009-10-16 14h00 +00:00 Multiple cross-site scripting (XSS) vulnerabilities in Achievo before 1.4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the scheduler title in the scheduler module, and the (2) atksearch[contractnumber], (3) atksearch_AE_customer[customer], (4) atksearchmode[contracttype], and possibly (5) atksearch[contractname] parameters to the Organization Contracts administration page, reachable through dispatch.php.
4.3
CVE-2009-2734 2009-10-16 14h00 +00:00 SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php.
7.5
CVE-2007-2736 2007-05-17 17h00 +00:00 PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
10
CVE-2006-2688 2006-05-31 08h00 +00:00 SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter.
6.4