Achievo: >> Achievo >> 1.4.5 Security Vulnerabilities
SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action.
CVSS Score
6.5
EPSS Score
0.01
Published
2014-10-20
Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-10-20
Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraph_radar.php and certain other files.
CVSS Score
5.0
EPSS Score
0.003
Published
2011-09-23