DATE | CVE | VULNERABILITY TITLE | RISK

2014-10-20 | CVE-2012-5866 | Cross-Site Scripting vulnerability in Achievo 1.4.5 | 4.3
Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter.
network, achievo, CWE-79

2014-10-20 | CVE-2012-5865 | SQL Injection vulnerability in Achievo 1.4.5 | 6.5
SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action.
network, low complexity, achievo, CWE-89

2011-09-23 | CVE-2011-3697 | Information Exposure vulnerability in Achievo 1.4.5 | 5.0
Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraph_radar.php and certain other files.
network, low complexity, achievo, CWE-200