Vulnerabilities > Achievo
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-05-31 | CVE-2006-2688 | SQL Injection vulnerability in Achievo 1.1.0/1.2.0 SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter. | 6.4 |
2003-04-11 | CVE-2002-1435 | Remote File Include Command Execution vulnerability in Achievo class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code. | 7.5 |