CVE-2012-5865

CVE-2012-5865 concerns Achievo 1.4.5 where a SQL injection flaw exists in the dispatch.php script via the GET parameter activityid in the stats action. The vulnerability can be exploited by remote authenticated users to inject arbitrary SQL commands into the database, with the PoC indicating the ...

Multiple vulnerabilities in Achievo

Advisory ID: HTB23126 Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting CWE-79 CVE References:...

Achievo 1.4.5 - Multiple Vulnerabilities (2)

Advisory ID: HTB23126 Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting CWE-79 CVE References:...

Achievo 1.4.5 - Multiple Vulnerabilities (2)

Achievo 1.4.5 - Multiple Vulnerabilities 2 Advisory ID: HTB23126 Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability Type: SQL Injection CWE-89,...

Achievo 1.4.5 Cross Site Scripting / SQL Injection

Advisory ID: HTB23126 Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting CWE-79 CVE References:...

Achievo 1.4.5 Cross Site Scripting / SQL Injection Vulnerabilities

Achievo version 1.4.5 suffers from cross site scripting and remote SQL injection vulnerabilities. Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability...