Vulnerabilities related to achievo - achievo
Vulnerability from fkie_nvd
Published
2009-10-16 16:30
Modified
2024-11-21 01:05
Severity ?
Summary
SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
achievo | achievo | * | |
achievo | achievo | 0.7.0 | |
achievo | achievo | 0.7.1 | |
achievo | achievo | 0.7.2 | |
achievo | achievo | 0.7.3 | |
achievo | achievo | 0.8.0 | |
achievo | achievo | 0.8.0_rc1 | |
achievo | achievo | 0.8.0_rc2 | |
achievo | achievo | 0.8.1 | |
achievo | achievo | 0.9.0 | |
achievo | achievo | 0.9.1 | |
achievo | achievo | 1.0.0 | |
achievo | achievo | 1.0.0 | |
achievo | achievo | 1.0.0 | |
achievo | achievo | 1.0.0 | |
achievo | achievo | 1.0.1 | |
achievo | achievo | 1.0.2 | |
achievo | achievo | 1.0.3 | |
achievo | achievo | 1.0.4 | |
achievo | achievo | 1.1.0 | |
achievo | achievo | 1.1.0 | |
achievo | achievo | 1.1.0 | |
achievo | achievo | 1.1.0 | |
achievo | achievo | 1.2.0 | |
achievo | achievo | 1.2.0 | |
achievo | achievo | 1.2.1 | |
achievo | achievo | 1.3.0 | |
achievo | achievo | 1.3.0 | |
achievo | achievo | 1.3.0 | |
achievo | achievo | 1.3.1 | |
achievo | achievo | 1.3.2 | |
achievo | achievo | 1.3.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:achievo:achievo:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF54DB83-0DA5-41B7-89C0-AED8BFB98412", "versionEndIncluding": "1.3.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51E5D3DE-9D27-47B8-AEBE-0A0100389D65", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "819F0D23-FA81-4558-9F33-B48749269FE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "D3EB2D06-61A0-4000-8C04-FAA86C1F6CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "CDAF7860-994A-4566-926D-5194FC970F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "5AC2E5B0-F4F0-4DFE-A4F6-3F3429B0AC48", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.8.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D48115CA-3564-4F90-8085-5DA848A81B75", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.8.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "E0000135-28EF-4E6E-9E64-85A672B420F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "6BF133D4-427D-46DD-95F5-88E3AC9EEB60", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "93DC3C06-2069-436B-BB29-5EAA412FF165", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFFF94E2-9071-408A-AAEA-6ABDCDD1CDDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6519E24E-D08B-4176-A21D-6231567CF149", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "FC0F696B-60E7-4560-A03D-627993F77279", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:achievo:achievo:1.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "5639EDD0-DA0B-419E-9DDE-746C1B2AF8C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9FDAF1F0-7498-4F64-B0E4-9542DA7BAEFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C37FD450-1AF0-4DBF-BECB-73F584F49BDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "356CC90D-9078-4943-B97C-4BEA3CBF1EF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "6A3DFF52-2035-43D3-935D-EE6A122A59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F4BF2551-8009-40BB-9541-3885C8D93B1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5D5AEF1-38CE-4B89-A15A-89D9BF3BEA55", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "804AC3CE-270F-47EC-B501-75B296A99424", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "59B2745F-D0AA-426B-AA95-C2F0D2AA1774", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "00D07959-FE90-4907-9BAE-7C72DFD0D3F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8633CE2A-7814-4963-BB65-B4499BBA5186", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B82CEEC2-19AF-4175-A0E4-0F97F875B192", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1B9C0B0D-5E4A-45BD-9150-90FC615357EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B835A00C-FFEA-4A88-ABD3-1C17A2FDC96F", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9FCA1AFB-11FC-4484-937C-0160C10B21F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "3BF4DC9F-E62B-470F-AD63-818554544769", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "951EC99D-4FFB-4388-AAF0-84A60A67AC3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "D901628D-D446-45EE-B131-EAA04D48A352", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "119EB712-D1E9-4AFC-A9C2-D33E1FE10F38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en la funci\u00f3n de get_employee en classweekreport.inc en Achievo anterior a v1.4.0 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s del par\u00e1metro userid (alias variable user_id) en dispatch.php." 
} ], "id": "CVE-2009-2734", "lastModified": "2024-11-21T01:05:37.383", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-10-16T16:30:00.563", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37035" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1023017" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.achievo.org/download/releasenotes/1_4_0" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/507131/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/36660" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53743" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37035" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1023017" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.achievo.org/download/releasenotes/1_4_0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/507131/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/36660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53743" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-10-16 16:30
Modified
2024-11-21 01:08
Severity ?
Summary
PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.org/0909-exploits/achievo134-rfi.txt | Exploit | |
cve@mitre.org | http://securitytracker.com/id?1023017 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.achievo.org/download/releasenotes/1_4_0 | Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.org/0909-exploits/achievo134-rfi.txt | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023017 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.achievo.org/download/releasenotes/1_4_0 | Not Applicable |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
achievo | achievo | * | |
achievo | achievo | 0.7.0 | |
achievo | achievo | 0.7.1 | |
achievo | achievo | 0.7.2 | |
achievo | achievo | 0.7.3 | |
achievo | achievo | 0.8.0 | |
achievo | achievo | 0.8.0 | |
achievo | achievo | 0.8.0 | |
achievo | achievo | 0.8.1 | |
achievo | achievo | 0.9.0 | |
achievo | achievo | 0.9.1 | |
achievo | achievo | 1.0.0 | |
achievo | achievo | 1.0.0 | |
achievo | achievo | 1.0.0 | |
achievo | achievo | 1.0.0 | |
achievo | achievo | 1.0.1 | |
achievo | achievo | 1.0.2 | |
achievo | achievo | 1.0.3 | |
achievo | achievo | 1.0.4 | |
achievo | achievo | 1.1.0 | |
achievo | achievo | 1.1.0 | |
achievo | achievo | 1.1.0 | |
achievo | achievo | 1.1.0 | |
achievo | achievo | 1.2.0 | |
achievo | achievo | 1.2.0 | |
achievo | achievo | 1.2.1 | |
achievo | achievo | 1.3.0 | |
achievo | achievo | 1.3.0 | |
achievo | achievo | 1.3.0 | |
achievo | achievo | 1.3.1 | |
achievo | achievo | 1.3.2 | |
achievo | achievo | 1.3.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:achievo:achievo:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF54DB83-0DA5-41B7-89C0-AED8BFB98412", "versionEndIncluding": "1.3.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51E5D3DE-9D27-47B8-AEBE-0A0100389D65", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "819F0D23-FA81-4558-9F33-B48749269FE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "D3EB2D06-61A0-4000-8C04-FAA86C1F6CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "CDAF7860-994A-4566-926D-5194FC970F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "5AC2E5B0-F4F0-4DFE-A4F6-3F3429B0AC48", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "FCC5B27A-4A90-4F8D-A008-21F26907A1AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "9FB73C9C-88A3-4102-9F25-C8EDF8D44B0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "6BF133D4-427D-46DD-95F5-88E3AC9EEB60", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "93DC3C06-2069-436B-BB29-5EAA412FF165", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFFF94E2-9071-408A-AAEA-6ABDCDD1CDDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6519E24E-D08B-4176-A21D-6231567CF149", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "FC0F696B-60E7-4560-A03D-627993F77279", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:achievo:achievo:1.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "5639EDD0-DA0B-419E-9DDE-746C1B2AF8C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9FDAF1F0-7498-4F64-B0E4-9542DA7BAEFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C37FD450-1AF0-4DBF-BECB-73F584F49BDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "356CC90D-9078-4943-B97C-4BEA3CBF1EF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "6A3DFF52-2035-43D3-935D-EE6A122A59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F4BF2551-8009-40BB-9541-3885C8D93B1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5D5AEF1-38CE-4B89-A15A-89D9BF3BEA55", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "804AC3CE-270F-47EC-B501-75B296A99424", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "59B2745F-D0AA-426B-AA95-C2F0D2AA1774", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "00D07959-FE90-4907-9BAE-7C72DFD0D3F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8633CE2A-7814-4963-BB65-B4499BBA5186", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B82CEEC2-19AF-4175-A0E4-0F97F875B192", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1B9C0B0D-5E4A-45BD-9150-90FC615357EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B835A00C-FFEA-4A88-ABD3-1C17A2FDC96F", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9FCA1AFB-11FC-4484-937C-0160C10B21F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "3BF4DC9F-E62B-470F-AD63-818554544769", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "951EC99D-4FFB-4388-AAF0-84A60A67AC3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "D901628D-D446-45EE-B131-EAA04D48A352", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "119EB712-D1E9-4AFC-A9C2-D33E1FE10F38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter." }, { "lang": "es", "value": "Vulnerabilidad de inclusi\u00f3n remota de archivo en PHP en debugger.php en Achievo anterior a v1.4.0 permite a atacantes remotos ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de una URL en el par\u00e1metro config_atkroot." 
} ], "id": "CVE-2009-3705", "lastModified": "2024-11-21T01:08:00.350", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-10-16T16:30:00.860", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/0909-exploits/achievo134-rfi.txt" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1023017" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "http://www.achievo.org/download/releasenotes/1_4_0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/0909-exploits/achievo134-rfi.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1023017" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://www.achievo.org/download/releasenotes/1_4_0" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-10-20 15:55
Modified
2024-11-21 01:45
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:achievo:achievo:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "57DF2F4E-FC58-4C81-A23D-E65FF3FF8AA2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter." }, { "lang": "es", "value": "Vulnerabilidad de XSS en include.php en Achievo 1.4.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro field." } ], "id": "CVE-2012-5866", "lastModified": "2024-11-21T01:45:23.880", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-10-20T15:55:04.433", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/118673/Achievo-1.4.5-Cross-Site-Scripting-SQL-Injection.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/56858" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80571" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://www.htbridge.com/advisory/HTB23126" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": 
"http://packetstormsecurity.com/files/118673/Achievo-1.4.5-Cross-Site-Scripting-SQL-Injection.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/56858" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80571" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://www.htbridge.com/advisory/HTB23126" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-05-17 19:30
Modified
2024-11-21 00:31
Severity ?
Summary
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apple | a_ux | * | |
apple | mac_os_x | * | |
hp | hp-ux | * | |
hp | tru64 | * | |
ibm | os2 | * | |
linux | linux_kernel | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | * | |
microsoft | windows_95 | * | |
microsoft | windows_98 | * | |
microsoft | windows_98se | * | |
microsoft | windows_me | * | |
microsoft | windows_nt | 4.0 | |
microsoft | windows_xp | * | |
santa_cruz_operation | sco_unix | * | |
sun | solaris | * | |
windriver | bsdos | * | |
achievo | achievo | 1.1.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:a_ux:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9E99BBE-C53B-4C23-95AB-61239020E252", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false }, { "criteria": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", "matchCriteriaId": "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", "vulnerable": false }, { "criteria": "cpe:2.3:o:hp:tru64:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FE64F3F-48F6-493F-A81E-2B106FF73AC1", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:os2:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD5511BD-2A41-4FF6-BD3F-9448F3F8AC90", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*", "matchCriteriaId": "82F7322B-8022-4D0B-ADB3-D0F5B6F20309", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", "matchCriteriaId": "2D3B703C-79B2-4FA2-9E12-713AB977A880", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA733AD2-D948-46A0-A063-D29081A56F1F", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "matchCriteriaId": "799DA395-C7F8-477C-8BC7-5B4B88FB7503", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E53CDA8E-50A8-4509-B070-CCA5604FFB21", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "matchCriteriaId": 
"E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", "vulnerable": false }, { "criteria": "cpe:2.3:o:santa_cruz_operation:sco_unix:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECCBDA43-9C75-4B36-8C90-EF26B8CD777D", "vulnerable": false }, { "criteria": "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", "matchCriteriaId": "469B74F2-4B89-42B8-8638-731E92D463B9", "vulnerable": false }, { "criteria": "cpe:2.3:o:windriver:bsdos:*:*:*:*:*:*:*:*", "matchCriteriaId": "60ACA374-1434-4C02-8327-17BC9C000B65", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:achievo:achievo:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5D5AEF1-38CE-4B89-A15A-89D9BF3BEA55", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter." }, { "lang": "es", "value": "Vulnerabilidad de inclusi\u00f3n remota de archivo en PHP en index.php de Achievo 1.1.0 permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante una URL en el par\u00e1metro config_atkroot." 
} ], "id": "CVE-2007-2736", "lastModified": "2024-11-21T00:31:31.847", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-05-17T19:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/37919" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23992" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23992" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/3928" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-02-03 11:30
Modified
2024-11-21 00:55
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the atkaction parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:achievo:achievo:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "D901628D-D446-45EE-B131-EAA04D48A352", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the atkaction parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en dispatch.php en Achievo v1.3.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"atkaction\". NOTA: el origen de esta informaci\u00f3n es desconocido; los detalles han sido obtenidos a partir de informaci\u00f3n de terceros." } ], "id": "CVE-2008-6034", "lastModified": "2024-11-21T00:55:30.473", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-02-03T11:30:00.563", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31973" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31325" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45331" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31973" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31325" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45331" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-10-16 16:30
Modified
2024-11-21 01:05
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Achievo before 1.4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the scheduler title in the scheduler module, and the (2) atksearch[contractnumber], (3) atksearch_AE_customer[customer], (4) atksearchmode[contracttype], and possibly (5) atksearch[contractname] parameters to the Organization Contracts administration page, reachable through dispatch.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
achievo | achievo | * | |
achievo | achievo | 0.7.0 | |
achievo | achievo | 0.7.1 | |
achievo | achievo | 0.7.2 | |
achievo | achievo | 0.7.3 | |
achievo | achievo | 0.8.0 | |
achievo | achievo | 0.8.0_rc1 | |
achievo | achievo | 0.8.0_rc2 | |
achievo | achievo | 0.8.1 | |
achievo | achievo | 0.9.0 | |
achievo | achievo | 0.9.1 | |
achievo | achievo | 1.0.0 | |
achievo | achievo | 1.0.0 | |
achievo | achievo | 1.0.0 | |
achievo | achievo | 1.0.0 | |
achievo | achievo | 1.0.1 | |
achievo | achievo | 1.0.2 | |
achievo | achievo | 1.0.3 | |
achievo | achievo | 1.0.4 | |
achievo | achievo | 1.1.0 | |
achievo | achievo | 1.1.0 | |
achievo | achievo | 1.1.0 | |
achievo | achievo | 1.1.0 | |
achievo | achievo | 1.2.0 | |
achievo | achievo | 1.2.0 | |
achievo | achievo | 1.2.1 | |
achievo | achievo | 1.3.0 | |
achievo | achievo | 1.3.0 | |
achievo | achievo | 1.3.0 | |
achievo | achievo | 1.3.1 | |
achievo | achievo | 1.3.2 | |
achievo | achievo | 1.3.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:achievo:achievo:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF54DB83-0DA5-41B7-89C0-AED8BFB98412", "versionEndIncluding": "1.3.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51E5D3DE-9D27-47B8-AEBE-0A0100389D65", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "819F0D23-FA81-4558-9F33-B48749269FE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "D3EB2D06-61A0-4000-8C04-FAA86C1F6CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "CDAF7860-994A-4566-926D-5194FC970F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "5AC2E5B0-F4F0-4DFE-A4F6-3F3429B0AC48", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.8.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D48115CA-3564-4F90-8085-5DA848A81B75", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.8.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "E0000135-28EF-4E6E-9E64-85A672B420F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "6BF133D4-427D-46DD-95F5-88E3AC9EEB60", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "93DC3C06-2069-436B-BB29-5EAA412FF165", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFFF94E2-9071-408A-AAEA-6ABDCDD1CDDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6519E24E-D08B-4176-A21D-6231567CF149", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "FC0F696B-60E7-4560-A03D-627993F77279", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:achievo:achievo:1.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "5639EDD0-DA0B-419E-9DDE-746C1B2AF8C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9FDAF1F0-7498-4F64-B0E4-9542DA7BAEFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C37FD450-1AF0-4DBF-BECB-73F584F49BDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "356CC90D-9078-4943-B97C-4BEA3CBF1EF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "6A3DFF52-2035-43D3-935D-EE6A122A59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F4BF2551-8009-40BB-9541-3885C8D93B1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5D5AEF1-38CE-4B89-A15A-89D9BF3BEA55", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "804AC3CE-270F-47EC-B501-75B296A99424", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "59B2745F-D0AA-426B-AA95-C2F0D2AA1774", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "00D07959-FE90-4907-9BAE-7C72DFD0D3F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8633CE2A-7814-4963-BB65-B4499BBA5186", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B82CEEC2-19AF-4175-A0E4-0F97F875B192", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1B9C0B0D-5E4A-45BD-9150-90FC615357EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B835A00C-FFEA-4A88-ABD3-1C17A2FDC96F", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9FCA1AFB-11FC-4484-937C-0160C10B21F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "3BF4DC9F-E62B-470F-AD63-818554544769", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "951EC99D-4FFB-4388-AAF0-84A60A67AC3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "D901628D-D446-45EE-B131-EAA04D48A352", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "119EB712-D1E9-4AFC-A9C2-D33E1FE10F38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Achievo before 1.4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the scheduler title in the scheduler module, and the (2) atksearch[contractnumber], (3) atksearch_AE_customer[customer], (4) atksearchmode[contracttype], and possibly (5) atksearch[contractname] parameters to the Organization Contracts administration page, reachable through dispatch.php." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Achievo anterior a v1.4.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) el t\u00edtulo programador en el m\u00f3dulo planificador, y los par\u00e1metros (2) atksearch[contractnumber], (3) atksearch_AE_customer[customer], (4) atksearchmode[contracttype], y posiblemente (5) atksearch[contractname] en la pagina de administraci\u00f3n Organization Contracts, accesible a trav\u00e9s de dispatch.php." 
} ], "id": "CVE-2009-2733", "lastModified": "2024-11-21T01:05:37.223", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-10-16T16:30:00.420", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37035" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1023017" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.achievo.org/download/releasenotes/1_4_0" }, { "source": "cve@mitre.org", "url": "http://www.bonsai-sec.com/blog/index.php/cross-site-scripting-payloads/" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.bonsai-sec.com/research/vulnerabilities/achievo-multiple-xss-0101.txt" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/507133/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/36661" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53744" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53745" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37035" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1023017" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://www.achievo.org/download/releasenotes/1_4_0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.bonsai-sec.com/blog/index.php/cross-site-scripting-payloads/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.bonsai-sec.com/research/vulnerabilities/achievo-multiple-xss-0101.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/507133/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/36661" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53744" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53745" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2008-6035)
Published
2009-02-03 11:30
Modified
2024-11-21 00:55
Severity
MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2-STABLE allows remote attackers to inject arbitrary web script or HTML via the atknodetype parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:achievo:achievo:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "D901628D-D446-45EE-B131-EAA04D48A352", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2-STABLE allows remote attackers to inject arbitrary web script or HTML via the atknodetype parameter." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en dispatch.php en Achievo v1.3.2-STABLE, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"arknodetype\"." } ], "id": "CVE-2008-6035", "lastModified": "2024-11-21T00:55:30.623", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-02-03T11:30:00.577", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/0809-exploits/achievo-xss.txt" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/31326" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45344" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/0809-exploits/achievo-xss.txt" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/31326" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45344" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2011-3697)
Published
2011-09-23 23:55
Modified
2024-11-21 01:31
Severity
MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraph_radar.php and certain other files.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:achievo:achievo:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "57DF2F4E-FC58-4C81-A23D-E65FF3FF8AA2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraph_radar.php and certain other files." }, { "lang": "es", "value": "Achievo v1.4.5 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n directa a un archivo .php, lo que revela la ruta de instalaci\u00f3n en un mensaje de error, como se demostr\u00f3 con modules/graph/jpgraph/jpgraph_radar.php y algunos otros archivos." } ], "id": "CVE-2011-3697", "lastModified": "2024-11-21T01:31:01.083", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-09-23T23:55:01.770", "references": [ { "source": "cve@mitre.org", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/achievo-1.4.5" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/achievo-1.4.5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2002-1435)
Published
2003-04-11 04:00
Modified
2024-11-20 23:41
Severity
HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter that points to the code, when the PHP 'allow_url_fopen' setting is enabled.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2002-08/0235.html | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://www.achievo.org/lists/2002/Aug/msg00092.html | ||
cve@mitre.org | http://www.iss.net/security_center/static/9947.php | Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/5552 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2002-08/0235.html | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.achievo.org/lists/2002/Aug/msg00092.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/9947.php | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/5552 | Exploit, Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:achievo:achievo:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51E5D3DE-9D27-47B8-AEBE-0A0100389D65", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "819F0D23-FA81-4558-9F33-B48749269FE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "D3EB2D06-61A0-4000-8C04-FAA86C1F6CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "CDAF7860-994A-4566-926D-5194FC970F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "5AC2E5B0-F4F0-4DFE-A4F6-3F3429B0AC48", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.8.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D48115CA-3564-4F90-8085-5DA848A81B75", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.8.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "E0000135-28EF-4E6E-9E64-85A672B420F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "6BF133D4-427D-46DD-95F5-88E3AC9EEB60", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "93DC3C06-2069-436B-BB29-5EAA412FF165", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFFF94E2-9071-408A-AAEA-6ABDCDD1CDDB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the \u0027allow_url_fopen\u0027 setting is enabled via a URL in the config_atkroot parameter that points to the code." 
}, { "lang": "es", "value": "class.atkdateattribute.js.php en Achievo 0.7.0 hasta 0.9.1 excepto 0.8.2, permite que atacantes remotos ejecuten c\u00f3digo PHP arbitrario cuando la opci\u00f3n \"allow_url_fopen\" est\u00e1 establecida mediante URL en el par\u00e1metro config_atkroot que apunta al c\u00f3digo." } ], "id": "CVE-2002-1435", "lastModified": "2024-11-20T23:41:17.980", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-04-11T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0235.html" }, { "source": "cve@mitre.org", "url": "http://www.achievo.org/lists/2002/Aug/msg00092.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/9947.php" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5552" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0235.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.achievo.org/lists/2002/Aug/msg00092.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/9947.php" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5552" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2012-5865)
Published
2014-10-20 15:55
Modified
2024-11-21 01:45
Severity
MEDIUM (CVSS v2.0 base score 6.5, vector AV:N/AC:L/Au:S/C:P/I:P/A:P)
Summary
SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:achievo:achievo:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "57DF2F4E-FC58-4C81-A23D-E65FF3FF8AA2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en dispatch.php en Achievo 1.4.5 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro activityid en una acci\u00f3n stats." } ], "id": "CVE-2012-5865", "lastModified": "2024-11-21T01:45:23.723", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-20T15:55:04.370", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/88184" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/118673/Achievo-1.4.5-Cross-Site-Scripting-SQL-Injection.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/56858" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80570" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://www.htbridge.com/advisory/HTB23126" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/88184" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/118673/Achievo-1.4.5-Cross-Site-Scripting-SQL-Injection.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/56858" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80570" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://www.htbridge.com/advisory/HTB23126" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2008-2742)
Published
2008-06-17 15:41
Modified
2024-11-21 00:47
Severity
HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:achievo:achievo:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8633CE2A-7814-4963-BB65-B4499BBA5186", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1B9C0B0D-5E4A-45BD-9150-90FC615357EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B835A00C-FFEA-4A88-ABD3-1C17A2FDC96F", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "951EC99D-4FFB-4388-AAF0-84A60A67AC3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "D901628D-D446-45EE-B131-EAA04D48A352", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled." }, { "lang": "es", "value": "Vulnerabilidad de subida de fichero no restringido en el editor de ficheros mcpuk (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) en Achievo 1.2.0 hasta 1.3.2, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n al subir un fichero con .php seguido de una extensi\u00f3n segura y luego accediendo a \u00e9l mediante una solicitud directa al fichero del directorio ra\u00edz de Achievo. NOTA: Se trata s\u00f3lo es una vulnerabilidad en entornos que soportan m\u00faltiples extensiones como Apache con el m\u00f3dulo mod_mime habilitado." 
} ], "id": "CVE-2008-2742", "lastModified": "2024-11-21T00:47:35.300", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-06-17T15:41:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30597" }, { "source": "cve@mitre.org", "url": "http://www.achievo.org/blog/archives/631-Achievo-1.3.3-Security-Release.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29621" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42980" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/5770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30597" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.achievo.org/blog/archives/631-Achievo-1.3.3-Security-Release.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29621" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42980" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/5770" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2006-2688)
Published
2006-05-31 10:06
Modified
2024-11-21 00:11
Severity
MEDIUM (CVSS v2.0 base score 6.4, vector AV:N/AC:L/Au:N/C:P/I:P/A:N)
Summary
SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:achievo:achievo:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5D5AEF1-38CE-4B89-A15A-89D9BF3BEA55", "vulnerable": true }, { "criteria": "cpe:2.3:a:achievo:achievo:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8633CE2A-7814-4963-BB65-B4499BBA5186", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter." } ], "id": "CVE-2006-2688", "lastModified": "2024-11-21T00:11:50.127", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-05-31T10:06:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugzilla.achievo.org/show_bug.cgi?id=624" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20327" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.achievo.org/download/releasenotes/1_2_1" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/25811" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18171" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2053" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/26755" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.achievo.org/show_bug.cgi?id=624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20327" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.achievo.org/download/releasenotes/1_2_1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25811" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18171" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2053" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26755" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2012-5865
Vulnerability from cvelistv5
Published
2014-10-20 15:00
Modified
2024-08-06 21:21
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action.
References
▼ | URL | Tags |
---|---|---|
http://osvdb.org/88184 | vdb-entry, x_refsource_OSVDB | |
http://packetstormsecurity.com/files/118673/Achievo-1.4.5-Cross-Site-Scripting-SQL-Injection.html | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/80570 | vdb-entry, x_refsource_XF | |
https://www.htbridge.com/advisory/HTB23126 | x_refsource_MISC | |
http://www.securityfocus.com/bid/56858 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:21:28.196Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "88184", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/88184" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/118673/Achievo-1.4.5-Cross-Site-Scripting-SQL-Injection.html" }, { "name": "achievo-activityid-sql-injection(80570)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80570" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.htbridge.com/advisory/HTB23126" }, { "name": "56858", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/56858" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "88184", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/88184" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/118673/Achievo-1.4.5-Cross-Site-Scripting-SQL-Injection.html" }, { "name": "achievo-activityid-sql-injection(80570)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80570" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.htbridge.com/advisory/HTB23126" }, { "name": "56858", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/56858" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5865", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "88184", "refsource": "OSVDB", "url": "http://osvdb.org/88184" }, { "name": "http://packetstormsecurity.com/files/118673/Achievo-1.4.5-Cross-Site-Scripting-SQL-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/118673/Achievo-1.4.5-Cross-Site-Scripting-SQL-Injection.html" }, { "name": "achievo-activityid-sql-injection(80570)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80570" }, { "name": "https://www.htbridge.com/advisory/HTB23126", "refsource": "MISC", "url": "https://www.htbridge.com/advisory/HTB23126" }, { "name": "56858", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56858" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5865", "datePublished": "2014-10-20T15:00:00", "dateReserved": "2012-11-14T00:00:00", "dateUpdated": "2024-08-06T21:21:28.196Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-3705
Vulnerability from cvelistv5
Published
2009-10-16 16:00
Modified
2024-09-16 18:48
Severity ?
EPSS score ?
Summary
PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
References
URL | Tags | |
---|---|---|
http://securitytracker.com/id?1023017 | vdb-entry, x_refsource_SECTRACK | |
http://packetstormsecurity.org/0909-exploits/achievo134-rfi.txt | x_refsource_MISC | |
http://www.achievo.org/download/releasenotes/1_4_0 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:38:30.285Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1023017", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023017" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.org/0909-exploits/achievo134-rfi.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.achievo.org/download/releasenotes/1_4_0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-10-16T16:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1023017", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023017" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.org/0909-exploits/achievo134-rfi.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.achievo.org/download/releasenotes/1_4_0" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3705", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PHP remote file 
inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1023017", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023017" }, { "name": "http://packetstormsecurity.org/0909-exploits/achievo134-rfi.txt", "refsource": "MISC", "url": "http://packetstormsecurity.org/0909-exploits/achievo134-rfi.txt" }, { "name": "http://www.achievo.org/download/releasenotes/1_4_0", "refsource": "CONFIRM", "url": "http://www.achievo.org/download/releasenotes/1_4_0" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3705", "datePublished": "2009-10-16T16:00:00Z", "dateReserved": "2009-10-16T00:00:00Z", "dateUpdated": "2024-09-16T18:48:54.570Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-6034
Vulnerability from cvelistv5
Published
2009-02-03 11:00
Modified
2024-08-07 11:13
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the atkaction parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/31325 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/45331 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/31973 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:13:14.002Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "31325", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31325" }, { "name": "achievo-dispatch-xss(45331)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45331" }, { "name": "31973", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31973" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-09-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the atkaction parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "31325", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31325" }, { "name": "achievo-dispatch-xss(45331)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45331" }, { "name": "31973", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31973" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6034", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the atkaction parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "31325", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31325" }, { "name": "achievo-dispatch-xss(45331)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45331" }, { "name": "31973", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31973" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6034", "datePublished": "2009-02-03T11:00:00", "dateReserved": "2009-02-02T00:00:00", "dateUpdated": "2024-08-07T11:13:14.002Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-2733
Vulnerability from cvelistv5
Published
2009-10-16 16:00
Modified
2024-08-07 05:59
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Achievo before 1.4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the scheduler title in the scheduler module, and the (2) atksearch[contractnumber], (3) atksearch_AE_customer[customer], (4) atksearchmode[contracttype], and possibly (5) atksearch[contractname] parameters to the Organization Contracts administration page, reachable through dispatch.php.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/53745 | vdb-entry, x_refsource_XF | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/53744 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/37035 | third-party-advisory, x_refsource_SECUNIA | |
http://securitytracker.com/id?1023017 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/36661 | vdb-entry, x_refsource_BID | |
http://www.achievo.org/download/releasenotes/1_4_0 | x_refsource_CONFIRM | |
http://www.bonsai-sec.com/blog/index.php/cross-site-scripting-payloads/ | x_refsource_MISC | |
http://www.securityfocus.com/archive/1/507133/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.bonsai-sec.com/research/vulnerabilities/achievo-multiple-xss-0101.txt | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:59:57.113Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "achievo-dispatchphp-xss(53745)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53745" }, { "name": "achievo-title-xss(53744)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53744" }, { "name": "37035", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37035" }, { "name": "1023017", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023017" }, { "name": "36661", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36661" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.achievo.org/download/releasenotes/1_4_0" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.bonsai-sec.com/blog/index.php/cross-site-scripting-payloads/" }, { "name": "20091013 [BONSAI] XSS in Achievo - Customized XSS payload included", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/507133/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.bonsai-sec.com/research/vulnerabilities/achievo-multiple-xss-0101.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Achievo before 1.4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the scheduler title in the scheduler module, and the 
(2) atksearch[contractnumber], (3) atksearch_AE_customer[customer], (4) atksearchmode[contracttype], and possibly (5) atksearch[contractname] parameters to the Organization Contracts administration page, reachable through dispatch.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "achievo-dispatchphp-xss(53745)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53745" }, { "name": "achievo-title-xss(53744)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53744" }, { "name": "37035", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37035" }, { "name": "1023017", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023017" }, { "name": "36661", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36661" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.achievo.org/download/releasenotes/1_4_0" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.bonsai-sec.com/blog/index.php/cross-site-scripting-payloads/" }, { "name": "20091013 [BONSAI] XSS in Achievo - Customized XSS payload included", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/507133/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.bonsai-sec.com/research/vulnerabilities/achievo-multiple-xss-0101.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2733", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, 
"vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Achievo before 1.4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the scheduler title in the scheduler module, and the (2) atksearch[contractnumber], (3) atksearch_AE_customer[customer], (4) atksearchmode[contracttype], and possibly (5) atksearch[contractname] parameters to the Organization Contracts administration page, reachable through dispatch.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "achievo-dispatchphp-xss(53745)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53745" }, { "name": "achievo-title-xss(53744)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53744" }, { "name": "37035", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37035" }, { "name": "1023017", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023017" }, { "name": "36661", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36661" }, { "name": "http://www.achievo.org/download/releasenotes/1_4_0", "refsource": "CONFIRM", "url": "http://www.achievo.org/download/releasenotes/1_4_0" }, { "name": "http://www.bonsai-sec.com/blog/index.php/cross-site-scripting-payloads/", "refsource": "MISC", "url": "http://www.bonsai-sec.com/blog/index.php/cross-site-scripting-payloads/" }, { "name": "20091013 [BONSAI] XSS in Achievo - Customized XSS payload included", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/507133/100/0/threaded" }, { "name": "http://www.bonsai-sec.com/research/vulnerabilities/achievo-multiple-xss-0101.txt", "refsource": "MISC", "url": 
"http://www.bonsai-sec.com/research/vulnerabilities/achievo-multiple-xss-0101.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2733", "datePublished": "2009-10-16T16:00:00", "dateReserved": "2009-08-10T00:00:00", "dateUpdated": "2024-08-07T05:59:57.113Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-2742
Vulnerability from cvelistv5
Published
2008-06-17 15:00
Modified
2024-08-07 09:14
Severity ?
EPSS score ?
Summary
Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
References
URL | Tags | |
---|---|---|
http://www.achievo.org/blog/archives/631-Achievo-1.3.3-Security-Release.html | x_refsource_CONFIRM | |
https://www.exploit-db.com/exploits/5770 | exploit, x_refsource_EXPLOIT-DB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/42980 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/30597 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/29621 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:14:15.208Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.achievo.org/blog/archives/631-Achievo-1.3.3-Security-Release.html" }, { "name": "5770", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/5770" }, { "name": "achievo-config-file-upload(42980)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42980" }, { "name": "30597", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30597" }, { "name": "29621", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29621" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-06-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.achievo.org/blog/archives/631-Achievo-1.3.3-Security-Release.html" }, { "name": "5770", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/5770" }, { "name": "achievo-config-file-upload(42980)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42980" }, { "name": "30597", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30597" }, { "name": "29621", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29621" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2742", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.achievo.org/blog/archives/631-Achievo-1.3.3-Security-Release.html", "refsource": "CONFIRM", "url": "http://www.achievo.org/blog/archives/631-Achievo-1.3.3-Security-Release.html" }, { "name": "5770", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5770" }, { "name": "achievo-config-file-upload(42980)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42980" }, { "name": "30597", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30597" }, { "name": "29621", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29621" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2742", "datePublished": "2008-06-17T15:00:00", "dateReserved": "2008-06-17T00:00:00", "dateUpdated": "2024-08-07T09:14:15.208Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-3697
Vulnerability from cvelistv5
Published
2011-09-23 23:00
Modified
2024-09-17 02:06
Severity ?
EPSS score ?
Summary
Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraph_radar.php and certain other files.
References
URL | Tags | |
---|---|---|
http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/achievo-1.4.5 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2011/06/27/6 | mailing-list, x_refsource_MLIST | |
http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:46:02.564Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/achievo-1.4.5" }, { "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraph_radar.php and certain other files." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-09-23T23:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/achievo-1.4.5" }, { "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "tags": [ "x_refsource_MISC" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-3697", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraph_radar.php and certain other files." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/achievo-1.4.5", "refsource": "MISC", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/achievo-1.4.5" }, { "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", "refsource": "MISC", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-3697", "datePublished": "2011-09-23T23:00:00Z", "dateReserved": "2011-09-23T00:00:00Z", "dateUpdated": "2024-09-17T02:06:31.074Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5866
Vulnerability from cvelistv5
Published
2014-10-20 15:00
Modified
2024-08-06 21:21
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter.
References
URL | Tags | |
---|---|---|
http://packetstormsecurity.com/files/118673/Achievo-1.4.5-Cross-Site-Scripting-SQL-Injection.html | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/80571 | vdb-entry, x_refsource_XF | |
https://www.htbridge.com/advisory/HTB23126 | x_refsource_MISC | |
http://www.securityfocus.com/bid/56858 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:21:27.668Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/118673/Achievo-1.4.5-Cross-Site-Scripting-SQL-Injection.html" }, { "name": "achievo-include-xss(80571)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80571" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.htbridge.com/advisory/HTB23126" }, { "name": "56858", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/56858" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/118673/Achievo-1.4.5-Cross-Site-Scripting-SQL-Injection.html" }, { "name": "achievo-include-xss(80571)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80571" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.htbridge.com/advisory/HTB23126" }, { "name": "56858", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/56858" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5866", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/118673/Achievo-1.4.5-Cross-Site-Scripting-SQL-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/118673/Achievo-1.4.5-Cross-Site-Scripting-SQL-Injection.html" }, { "name": "achievo-include-xss(80571)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80571" }, { "name": "https://www.htbridge.com/advisory/HTB23126", "refsource": "MISC", "url": "https://www.htbridge.com/advisory/HTB23126" }, { "name": "56858", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56858" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5866", "datePublished": "2014-10-20T15:00:00", "dateReserved": "2012-11-14T00:00:00", "dateUpdated": "2024-08-06T21:21:27.668Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2002-1435
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:26
Severity ?
EPSS score ?
Summary
class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter that points to the code, when the 'allow_url_fopen' setting is enabled.
References
URL | Tags | |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2002-08/0235.html | mailing-list, x_refsource_BUGTRAQ | |
http://www.achievo.org/lists/2002/Aug/msg00092.html | x_refsource_CONFIRM | |
http://www.iss.net/security_center/static/9947.php | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/5552 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:26:28.372Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20020822 Arbitrary code execution problem in Achievo", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0235.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.achievo.org/lists/2002/Aug/msg00092.html" }, { "name": "achievo-php-execute-code(9947)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/9947.php" }, { "name": "5552", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5552" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the \u0027allow_url_fopen\u0027 setting is enabled via a URL in the config_atkroot parameter that points to the code." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-11-06T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20020822 Arbitrary code execution problem in Achievo", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0235.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.achievo.org/lists/2002/Aug/msg00092.html" }, { "name": "achievo-php-execute-code(9947)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/9947.php" }, { "name": "5552", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5552" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1435", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the \u0027allow_url_fopen\u0027 setting is enabled via a URL in the config_atkroot parameter that points to the code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20020822 Arbitrary code execution problem in Achievo", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0235.html" }, { "name": "http://www.achievo.org/lists/2002/Aug/msg00092.html", "refsource": "CONFIRM", "url": "http://www.achievo.org/lists/2002/Aug/msg00092.html" }, { "name": "achievo-php-execute-code(9947)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9947.php" }, { "name": "5552", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5552" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1435", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2003-02-05T00:00:00", "dateUpdated": "2024-08-08T03:26:28.372Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-6035
Vulnerability from cvelistv5
Published
2009-02-03 11:00
Modified
2024-08-07 11:13
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2-STABLE allows remote attackers to inject arbitrary web script or HTML via the atknodetype parameter.
References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.org/0809-exploits/achievo-xss.txt | x_refsource_MISC | |
http://www.securityfocus.com/bid/31326 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/45344 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:13:14.061Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.org/0809-exploits/achievo-xss.txt" }, { "name": "31326", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31326" }, { "name": "achievo-atknodetype-xss(45344)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45344" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-09-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2-STABLE allows remote attackers to inject arbitrary web script or HTML via the atknodetype parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.org/0809-exploits/achievo-xss.txt" }, { "name": "31326", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31326" }, { "name": "achievo-atknodetype-xss(45344)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45344" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6035", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2-STABLE allows remote attackers to inject arbitrary web script or HTML via the atknodetype parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.org/0809-exploits/achievo-xss.txt", "refsource": "MISC", "url": "http://packetstormsecurity.org/0809-exploits/achievo-xss.txt" }, { "name": "31326", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31326" }, { "name": "achievo-atknodetype-xss(45344)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45344" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6035", "datePublished": "2009-02-03T11:00:00", "dateReserved": "2009-02-02T00:00:00", "dateUpdated": "2024-08-07T11:13:14.061Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-2688
Vulnerability from cvelistv5
Published
2006-05-31 10:00
Modified
2024-08-07 17:58
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter.
References
▼ | URL | Tags |
---|---|---|
http://www.vupen.com/english/advisories/2006/2053 | vdb-entry, x_refsource_VUPEN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/26755 | vdb-entry, x_refsource_XF | |
http://www.achievo.org/download/releasenotes/1_2_1 | x_refsource_CONFIRM | |
http://www.osvdb.org/25811 | vdb-entry, x_refsource_OSVDB | |
http://bugzilla.achievo.org/show_bug.cgi?id=624 | x_refsource_CONFIRM | |
http://secunia.com/advisories/20327 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/18171 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:58:51.738Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-2053", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2053" }, { "name": "achievo-atkselector-sql-injection(26755)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26755" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.achievo.org/download/releasenotes/1_2_1" }, { "name": "25811", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/25811" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugzilla.achievo.org/show_bug.cgi?id=624" }, { "name": "20327", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20327" }, { "name": "18171", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18171" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-30T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2006-2053", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2053" }, { "name": "achievo-atkselector-sql-injection(26755)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26755" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.achievo.org/download/releasenotes/1_2_1" }, { "name": "25811", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/25811" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugzilla.achievo.org/show_bug.cgi?id=624" }, { "name": "20327", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20327" }, { "name": "18171", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18171" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2688", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-2053", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2053" }, { "name": "achievo-atkselector-sql-injection(26755)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26755" }, { "name": "http://www.achievo.org/download/releasenotes/1_2_1", "refsource": "CONFIRM", "url": "http://www.achievo.org/download/releasenotes/1_2_1" }, { "name": "25811", "refsource": "OSVDB", "url": "http://www.osvdb.org/25811" }, { "name": "http://bugzilla.achievo.org/show_bug.cgi?id=624", "refsource": "CONFIRM", "url": "http://bugzilla.achievo.org/show_bug.cgi?id=624" }, { "name": "20327", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20327" }, { "name": "18171", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18171" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2688", "datePublished": "2006-05-31T10:00:00", "dateReserved": "2006-05-30T00:00:00", "dateUpdated": "2024-08-07T17:58:51.738Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-2734
Vulnerability from cvelistv5
Published
2009-10-16 16:00
Modified
2024-08-07 05:59
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/archive/1/507131/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/36660 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/53743 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/37035 | third-party-advisory, x_refsource_SECUNIA | |
http://securitytracker.com/id?1023017 | vdb-entry, x_refsource_SECTRACK | |
http://www.achievo.org/download/releasenotes/1_4_0 | x_refsource_CONFIRM | |
http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:59:57.059Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20091013 [BONSAI] SQL Injection in Achievo", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/507131/100/0/threaded" }, { "name": "36660", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36660" }, { "name": "achievo-dispatch-sql-injection(53743)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53743" }, { "name": "37035", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37035" }, { "name": "1023017", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023017" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.achievo.org/download/releasenotes/1_4_0" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20091013 [BONSAI] SQL Injection in Achievo", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/507131/100/0/threaded" }, { "name": "36660", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36660" }, { "name": "achievo-dispatch-sql-injection(53743)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53743" }, { "name": "37035", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37035" }, { "name": "1023017", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023017" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.achievo.org/download/releasenotes/1_4_0" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2734", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20091013 [BONSAI] SQL Injection in Achievo", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/507131/100/0/threaded" }, { "name": "36660", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36660" }, { "name": "achievo-dispatch-sql-injection(53743)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53743" }, { "name": "37035", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37035" }, { "name": "1023017", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023017" }, { "name": "http://www.achievo.org/download/releasenotes/1_4_0", "refsource": "CONFIRM", "url": "http://www.achievo.org/download/releasenotes/1_4_0" }, { "name": "http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt", "refsource": "MISC", "url": "http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2734", "datePublished": "2009-10-16T16:00:00", "dateReserved": "2009-08-10T00:00:00", "dateUpdated": "2024-08-07T05:59:57.059Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-2736
Vulnerability from cvelistv5
Published
2007-05-17 19:00
Modified
2024-08-07 13:49
Severity ?
EPSS score ?
Summary
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
References
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/3928 | exploit, x_refsource_EXPLOIT-DB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/34305 | vdb-entry, x_refsource_XF | |
http://osvdb.org/37919 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/bid/23992 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:49:57.405Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "3928", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/3928" }, { "name": "achievo-index-file-include(34305)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305" }, { "name": "37919", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/37919" }, { "name": "23992", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23992" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "3928", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/3928" }, { "name": "achievo-index-file-include(34305)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305" }, { "name": "37919", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/37919" }, { "name": "23992", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23992" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2736", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "3928", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3928" }, { "name": "achievo-index-file-include(34305)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305" }, { "name": "37919", "refsource": "OSVDB", "url": "http://osvdb.org/37919" }, { "name": "23992", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23992" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2736", "datePublished": "2007-05-17T19:00:00", "dateReserved": "2007-05-17T00:00:00", "dateUpdated": "2024-08-07T13:49:57.405Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-200705-0355
Vulnerability from variot
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. Achievo is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible. Achievo 1.1.0 is vulnerable to this issue; other versions may also be affected.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200705-0355", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "achievo", "scope": "eq", "trust": 1.8, "vendor": "achievo", "version": "1.1.0" }, { "model": "windows nt", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "4.0" }, { "model": "windows 98se", "scope": null, "trust": 0.6, "vendor": "microsoft", 
"version": null }, { "model": "windows 95", "scope": null, "trust": 0.6, "vendor": "microsoft", "version": null }, { "model": "windows 98", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "gold" }, { "model": "achievo", "scope": "eq", "trust": 0.3, "vendor": "achievo", "version": "1.1" }, { "model": "achievo", "scope": "ne", "trust": 0.3, "vendor": "achievo", "version": "1.2" } ], "sources": [ { "db": "BID", "id": "23992" }, { "db": "JVNDB", "id": "JVNDB-2007-002038" }, { "db": "NVD", "id": "CVE-2007-2736" }, { "db": "CNNVD", "id": "CNNVD-200705-369" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:hp:tru64:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:ibm:os2:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:apple:a_ux:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:windriver:bsdos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:santa_cruz_operation:sco_unix:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:achievo:achievo:1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2007-2736" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Katatafish is credited with the discovery of this vulnerability.", "sources": [ { "db": "BID", "id": "23992" }, { "db": "CNNVD", "id": "CNNVD-200705-369" } ], "trust": 0.9 }, "cve": "CVE-2007-2736", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { 
"acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 10.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2007-2736", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-26098", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2007-2736", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200705-369", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-26098", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-26098" }, { "db": "JVNDB", "id": "JVNDB-2007-002038" }, { "db": "NVD", "id": "CVE-2007-2736" }, { "db": "CNNVD", "id": "CNNVD-200705-369" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. Achievo is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. \nExploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible. \nAchievo 1.1.0 is vulnerable to this issue; other versions may also be affected", "sources": [ { "db": "NVD", "id": "CVE-2007-2736" }, { "db": "JVNDB", "id": "JVNDB-2007-002038" }, { "db": "BID", "id": "23992" }, { "db": "VULHUB", "id": "VHN-26098" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2007-2736", "trust": 2.8 }, { "db": "BID", "id": "23992", "trust": 2.0 }, { "db": "OSVDB", "id": "37919", "trust": 1.7 }, { "db": "EXPLOIT-DB", "id": "3928", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2007-002038", "trust": 0.8 }, { "db": "XF", "id": "34305", "trust": 0.6 }, { "db": "MILW0RM", "id": "3928", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200705-369", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-26098", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-26098" }, { "db": "BID", "id": "23992" }, { "db": "JVNDB", "id": "JVNDB-2007-002038" }, { "db": "NVD", "id": "CVE-2007-2736" }, { "db": "CNNVD", "id": "CNNVD-200705-369" } ] }, "id": "VAR-200705-0355", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-26098" } ], 
"trust": 0.01 }, "last_update_date": "2023-12-18T13:49:42.267000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.achievo.org/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-002038" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2007-2736" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.securityfocus.com/bid/23992" }, { "trust": 1.7, "url": "http://osvdb.org/37919" }, { "trust": 1.1, "url": "https://www.exploit-db.com/exploits/3928" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2736" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2736" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/34305" }, { "trust": 0.6, "url": "http://www.milw0rm.com/exploits/3928" }, { "trust": 0.3, "url": "http://www.achievo.org/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-26098" }, { "db": "BID", "id": "23992" }, { "db": "JVNDB", "id": "JVNDB-2007-002038" }, { "db": "NVD", "id": "CVE-2007-2736" }, { "db": "CNNVD", "id": "CNNVD-200705-369" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": 
"VHN-26098" }, { "db": "BID", "id": "23992" }, { "db": "JVNDB", "id": "JVNDB-2007-002038" }, { "db": "NVD", "id": "CVE-2007-2736" }, { "db": "CNNVD", "id": "CNNVD-200705-369" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-05-17T00:00:00", "db": "VULHUB", "id": "VHN-26098" }, { "date": "2007-05-15T00:00:00", "db": "BID", "id": "23992" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-002038" }, { "date": "2007-05-17T19:30:00", "db": "NVD", "id": "CVE-2007-2736" }, { "date": "2007-05-17T00:00:00", "db": "CNNVD", "id": "CNNVD-200705-369" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-10-11T00:00:00", "db": "VULHUB", "id": "VHN-26098" }, { "date": "2015-05-07T17:39:00", "db": "BID", "id": "23992" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-002038" }, { "date": "2017-10-11T01:32:21.533000", "db": "NVD", "id": "CVE-2007-2736" }, { "date": "2007-05-22T00:00:00", "db": "CNNVD", "id": "CNNVD-200705-369" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200705-369" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "PHP remote file inclusion vulnerability in index.php of Achievo", "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-002038" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "code injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-200705-369" } ], "trust": 0.6 } }