Known Vulnerabilities for products from Achievo
Listed below are 12 of the newest known vulnerabilities associated with the vendor "Achievo".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2012-5866 | Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web scri... | 4.3 - MEDIUM | 2014-10-20 | 2017-08-29 |
| CVE-2012-5865 | SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL comma... | 6.5 - MEDIUM | 2014-10-20 | 2017-08-29 |
| CVE-2011-3697 | Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the ... | 5 - MEDIUM | 2011-09-23 | 2012-03-13 |
| CVE-2009-3705 | PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary ... | 7.5 - HIGH | 2009-10-16 | 2021-04-07 |
| CVE-2009-2734 | SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attacke... | 7.5 - HIGH | 2009-10-16 | 2018-10-10 |
| CVE-2009-2733 | Multiple cross-site scripting (XSS) vulnerabilities in Achievo before 1.4.0 allow remote attackers to inject arbitrary web sc... | 4.3 - MEDIUM | 2009-10-16 | 2018-10-10 |
| CVE-2008-6035 | Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2-STABLE allows remote attackers to inject arbitrary ... | 4.3 - MEDIUM | 2009-02-03 | 2017-08-08 |
| CVE-2008-6034 | Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web scr... | 4.3 - MEDIUM | 2009-02-03 | 2017-08-08 |
| CVE-2008-2742 | Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.... | 7.5 - HIGH | 2008-06-17 | 2017-09-29 |
| CVE-2007-2736 | PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code v... | 10 - HIGH | 2007-05-17 | 2017-10-11 |
| CVE-2006-2688 | SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allow... | 6.4 - MEDIUM | 2006-05-31 | 2017-07-20 |
| CVE-2002-1435 | class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP ... | 7.5 - HIGH | 2003-04-11 | 2008-09-05 |