Known Vulnerabilities for products from Achievo
Listed below are 12 of the newest known vulnerabilities associated with the vendor "Achievo".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2012-5866 json | Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web scri... | 4.3 - MEDIUM | 2014-10-20 | 2017-08-29 |
| CVE-2012-5865 json | SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL comma... | 6.5 - MEDIUM | 2014-10-20 | 2017-08-29 |
| CVE-2011-3697 json | Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the ... | 5 - MEDIUM | 2011-09-23 | 2012-03-13 |
| CVE-2009-3705 json | PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary ... | Not Provided | 2009-10-16 | 2026-04-23 |
| CVE-2009-2734 json | SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attacke... | Not Provided | 2009-10-16 | 2026-04-23 |
| CVE-2009-2733 json | Multiple cross-site scripting (XSS) vulnerabilities in Achievo before 1.4.0 allow remote attackers to inject arbitrary web sc... | Not Provided | 2009-10-16 | 2026-04-23 |
| CVE-2008-6035 json | Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2-STABLE allows remote attackers to inject arbitrary ... | Not Provided | 2009-02-03 | 2026-04-23 |
| CVE-2008-6034 json | Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web scr... | Not Provided | 2009-02-03 | 2026-04-23 |
| CVE-2008-2742 json | Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.... | Not Provided | 2008-06-17 | 2026-04-23 |
| CVE-2007-2736 json | PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code v... | Not Provided | 2007-05-17 | 2026-04-23 |
| CVE-2006-2688 json | SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allow... | 6.4 - MEDIUM | 2006-05-31 | 2017-07-20 |
| CVE-2002-1435 json | class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP ... | Not Provided | 2003-04-11 | 2025-04-03 |