6 matches found
Achievo <= 1.3.4 - SQL Injection
No description provided by source. Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ SQL Injection in Achievo 1. Advisory Information Title: SQL Injection in Achievo Advisory ID: BONSAI-2009-0102 Advisory URL:...
CVE-2009-2734
Achievo (before 1.4.0) is affected by a SQL injection in the dispatch.php path via the get_employee function. The vulnerability stems from the get_employee($user_id) code building a SQL query with the user-provided userid/user_id without proper sanitization: SELECT * FROM person WHERE status='act...
[BONSAI] SQL Injection in Achievo
Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ SQL Injection in Achievo 1. Advisory Information Title: SQL Injection in Achievo Advisory ID: BONSAI-2009-0102 Advisory URL: http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt Date published:...
Achievo <= 1.3.4 SQL Injection
Exploit for unknown platform in category web applications ============================== Achievo = 1.3.4 SQL Injection ============================== 1. Vulnerability Information Class: SQL Injection Remotely Exploitable: Yes Locally Exploitable: Yes CVE Name: CVE-2009-2734 2. Software Descriptio...
Achievo SQL Injection
Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ SQL Injection in Achievo 1. Advisory Information Title: SQL Injection in Achievo Advisory ID: BONSAI-2009-0102 Advisory URL: http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt Date published:...
Achievo 1.3.4 - SQL Injection
Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ SQL Injection in Achievo 1. Advisory Information Title: SQL Injection in Achievo Advisory ID: BONSAI-2009-0102 Advisory URL: http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt Date published:...