Vulnerabilities > Achievo

DATE CVE VULNERABILITY TITLE RISK
2006-05-31 CVE-2006-2688 SQL Injection vulnerability in Achievo 1.1.0/1.2.0
SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter.
network
low complexity
achievo
6.4
2003-04-11 CVE-2002-1435 Remote File Include Command Execution vulnerability in Achievo
class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code.
network
low complexity
achievo
7.5