Lucene search
MitreCVELIST:CVE-2009-2734HistoryOct 16, 2009 - 4:00 p.m.
CVE-2009-2734
2009-10-1616:00:00
mitre
www.cve.org
SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php.
References
secunia.com/advisories/37035
securitytracker.com/id?1023017
www.achievo.org/download/releasenotes/1_4_0
www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt
www.securityfocus.com/archive/1/507131/100/0/threaded
www.securityfocus.com/bid/36660
exchange.xforce.ibmcloud.com/vulnerabilities/53743
Related
packetstorm
packetstorm
Achievo SQL Injection
2009-10-14 00:00:00
seebug
seebug
Achievo <= 1.3.4 - SQL Injection
2014-07-01 00:00:00
Achievo <= 1.3.4 SQL Injection
2009-10-14 00:00:00
exploitpack
exploitpack
Achievo 1.3.4 - SQL Injection
2009-10-14 00:00:00
prion
prion
Sql injection
2009-10-16 16:30:00
nvd
nvd
CVE-2009-2734
2009-10-16 16:30:00
cve
cve
CVE-2009-2734
2009-10-16 16:30:00
securityvulns
securityvulns
[BONSAI] SQL Injection in Achievo
2009-10-14 00:00:00
exploitdb
exploitdb
Achievo 1.3.4 - SQL Injection
2009-10-14 00:00:00
nessus
nessus
Achievo < 1.4.0 Multiple Vulnerabilities
2009-10-15 00:00:00