Vulnerabilities > Achievo > Achievo > 1.4.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-10-20 | CVE-2012-5866 | Cross-Site Scripting vulnerability in Achievo 1.4.5 Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter. | 4.3 |
2014-10-20 | CVE-2012-5865 | SQL Injection vulnerability in Achievo 1.4.5 SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action. | 6.5 |
2011-09-23 | CVE-2011-3697 | Information Exposure vulnerability in Achievo 1.4.5 Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraph_radar.php and certain other files. | 5.0 |