Achievo: >> Achievo Security Vulnerabilities
SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter.
CVSS Score
6.4
EPSS Score
0.005
Published
2006-05-31
class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code.
CVSS Score
7.5
EPSS Score
0.058
Published
2003-04-11
Page 2