GCVE - cpe:2.3:a:achievo:achievo:1.3.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:achievo:achievo:1.3.0:*:*:*:*:*:*:*

part: a version: 1.3.0 update: *

Vendor	Achievo (`b431fc0f-318c-5ac2-a0bb-6323ff5f80b2`)
Product	Achievo (`ab15ea88-2f1c-59b4-b377-cc61a88e8c21`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2009-3705`	vulnerable	2026-06-03 14:29:52.847111	Details available PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. Published: 2009-10-16T16:00:00.000Z Updated: 2024-09-16T18:48:54.570Z Open on db.gcve.eu Reference links http://securitytracker.com/id?1023017 http://packetstormsecurity.org/0909-exploits/achievo134-rfi.txt http://www.achievo.org/download/releasenotes/1_4_0	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-2734`	vulnerable	2026-06-03 14:29:42.923004	Details available SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php. Published: 2009-10-16T16:00:00.000Z Updated: 2024-08-07T05:59:57.059Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/507131/100/0/threaded http://www.securityfocus.com/bid/36660 https://exchange.xforce.ibmcloud.com/vulnerabilities/53743 http://secunia.com/advisories/37035 http://securitytracker.com/id?1023017	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-2733`	vulnerable	2026-06-03 14:29:42.919300	Details available Multiple cross-site scripting (XSS) vulnerabilities in Achievo before 1.4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the scheduler title in the scheduler module, and the (2) atksearch[contractnumber], (3) atksearch_AE_customer[customer], (4) atksearchmode[contracttype], and possibly (5) atksearch[contractname] parameters to the Organization Contracts administration page, reachable through dispatch.php. Published: 2009-10-16T16:00:00.000Z Updated: 2024-08-07T05:59:57.113Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/53745 https://exchange.xforce.ibmcloud.com/vulnerabilities/53744 http://secunia.com/advisories/37035 http://securitytracker.com/id?1023017 http://www.securityfocus.com/bid/36661	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-2742`	vulnerable	2026-06-03 14:28:50.661935	Details available Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled. Published: 2008-06-17T15:00:00.000Z Updated: 2024-08-07T09:14:15.208Z Open on db.gcve.eu Reference links http://www.achievo.org/blog/archives/631-Achievo-1.3.3-Security-Release.html https://www.exploit-db.com/exploits/5770 https://exchange.xforce.ibmcloud.com/vulnerabilities/42980 http://secunia.com/advisories/30597 http://www.securityfocus.com/bid/29621	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.