CVE-2009-2734

2009-10-16T16:30:00
ID CVE-2009-2734
Type cve
Reporter cve@mitre.org
Modified 2018-10-10T19:42:00

Description

SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php.