GCVE - cpe:2.3:a:achievo:achievo:1.1.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:achievo:achievo:1.1.0:*:*:*:*:*:*:*

part: a version: 1.1.0 update: *

Vendor	Achievo (`b431fc0f-318c-5ac2-a0bb-6323ff5f80b2`)
Product	Achievo (`ab15ea88-2f1c-59b4-b377-cc61a88e8c21`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2009-3705`	vulnerable	2026-06-03 14:29:52.843458	Details available PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. Published: 2009-10-16T16:00:00.000Z Updated: 2024-09-16T18:48:54.570Z Open on db.gcve.eu Reference links http://securitytracker.com/id?1023017 http://packetstormsecurity.org/0909-exploits/achievo134-rfi.txt http://www.achievo.org/download/releasenotes/1_4_0	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-2734`	vulnerable	2026-06-03 14:29:42.922890	Details available SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php. Published: 2009-10-16T16:00:00.000Z Updated: 2024-08-07T05:59:57.059Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/507131/100/0/threaded http://www.securityfocus.com/bid/36660 https://exchange.xforce.ibmcloud.com/vulnerabilities/53743 http://secunia.com/advisories/37035 http://securitytracker.com/id?1023017	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-2733`	vulnerable	2026-06-03 14:29:42.915883	Details available Multiple cross-site scripting (XSS) vulnerabilities in Achievo before 1.4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the scheduler title in the scheduler module, and the (2) atksearch[contractnumber], (3) atksearch_AE_customer[customer], (4) atksearchmode[contracttype], and possibly (5) atksearch[contractname] parameters to the Organization Contracts administration page, reachable through dispatch.php. Published: 2009-10-16T16:00:00.000Z Updated: 2024-08-07T05:59:57.113Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/53745 https://exchange.xforce.ibmcloud.com/vulnerabilities/53744 http://secunia.com/advisories/37035 http://securitytracker.com/id?1023017 http://www.securityfocus.com/bid/36661	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-2736`	vulnerable	2026-06-03 14:28:09.276009	Details available PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. Published: 2007-05-17T19:00:00.000Z Updated: 2024-08-07T13:49:57.405Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/3928 https://exchange.xforce.ibmcloud.com/vulnerabilities/34305 http://osvdb.org/37919 http://www.securityfocus.com/bid/23992	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-2688`	vulnerable	2026-06-03 14:27:32.947435	Details available SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter. Published: 2006-05-31T10:00:00.000Z Updated: 2024-08-07T17:58:51.738Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2006/2053 https://exchange.xforce.ibmcloud.com/vulnerabilities/26755 http://www.achievo.org/download/releasenotes/1_2_1 http://www.osvdb.org/25811 http://bugzilla.achievo.org/show_bug.cgi?id=624	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.