GCVE - cpe:2.3:a:achievo:achievo:0.8.0_rc1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:achievo:achievo:0.8.0_rc1:*:*:*:*:*:*:*

part: a version: 0.8.0_rc1 update: *

Vendor	Achievo (`b431fc0f-318c-5ac2-a0bb-6323ff5f80b2`)
Product	Achievo (`ab15ea88-2f1c-59b4-b377-cc61a88e8c21`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:bitbucket/minghuadev/achievo`	purl2cpe	2026-06-01 10:14:04.449562
`pkg:github/atkphpframework/achievo`	purl2cpe	2026-06-01 10:14:04.449564

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2009-2734`	vulnerable	2026-06-03 14:29:42.922679	Details available SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php. Published: 2009-10-16T16:00:00.000Z Updated: 2024-08-07T05:59:57.059Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/507131/100/0/threaded http://www.securityfocus.com/bid/36660 https://exchange.xforce.ibmcloud.com/vulnerabilities/53743 http://secunia.com/advisories/37035 http://securitytracker.com/id?1023017	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-2733`	vulnerable	2026-06-03 14:29:42.908561	Details available Multiple cross-site scripting (XSS) vulnerabilities in Achievo before 1.4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the scheduler title in the scheduler module, and the (2) atksearch[contractnumber], (3) atksearch_AE_customer[customer], (4) atksearchmode[contracttype], and possibly (5) atksearch[contractname] parameters to the Organization Contracts administration page, reachable through dispatch.php. Published: 2009-10-16T16:00:00.000Z Updated: 2024-08-07T05:59:57.113Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/53745 https://exchange.xforce.ibmcloud.com/vulnerabilities/53744 http://secunia.com/advisories/37035 http://securitytracker.com/id?1023017 http://www.securityfocus.com/bid/36661	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-1435`	vulnerable	2026-06-03 14:26:16.711108	Details available class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code. Published: 2004-09-01T04:00:00.000Z Updated: 2024-08-08T03:26:28.372Z Open on db.gcve.eu Reference links http://archives.neohapsis.com/archives/bugtraq/2002-08/0235.html http://www.achievo.org/lists/2002/Aug/msg00092.html http://www.iss.net/security_center/static/9947.php http://www.securityfocus.com/bid/5552	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.