GCVE - cpe:2.3:a:achievo:achievo:1.4.5:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:achievo:achievo:1.4.5:*:*:*:*:*:*:*

part: a version: 1.4.5 update: *

Vendor	Achievo (`b431fc0f-318c-5ac2-a0bb-6323ff5f80b2`)
Product	Achievo (`ab15ea88-2f1c-59b4-b377-cc61a88e8c21`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:bitbucket/minghuadev/achievo`	purl2cpe	2026-06-01 10:14:04.459775
`pkg:github/atkphpframework/achievo`	purl2cpe	2026-06-01 10:14:04.459777

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2012-5866`	vulnerable	2026-06-03 14:32:32.161412	Details available Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter. Published: 2014-10-20T15:00:00.000Z Updated: 2024-08-06T21:21:27.668Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/118673/Achievo-1.4.5-Cross-Site-Scripting-SQL-Injection.html https://exchange.xforce.ibmcloud.com/vulnerabilities/80571 https://www.htbridge.com/advisory/HTB23126 http://www.securityfocus.com/bid/56858	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-5865`	vulnerable	2026-06-03 14:32:32.161002	Details available SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action. Published: 2014-10-20T15:00:00.000Z Updated: 2024-08-06T21:21:28.196Z Open on db.gcve.eu Reference links http://osvdb.org/88184 http://packetstormsecurity.com/files/118673/Achievo-1.4.5-Cross-Site-Scripting-SQL-Injection.html https://exchange.xforce.ibmcloud.com/vulnerabilities/80570 https://www.htbridge.com/advisory/HTB23126 http://www.securityfocus.com/bid/56858	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-3697`	vulnerable	2026-06-03 14:31:21.634322	Details available Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraph_radar.php and certain other files. Published: 2011-09-23T23:00:00.000Z Updated: 2024-09-17T02:06:31.074Z Open on db.gcve.eu Reference links http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/achievo-1.4.5 http://www.openwall.com/lists/oss-security/2011/06/27/6 http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.