6 matches found
CVE-2012-5866
CVE-2012-5866 is an XSS vulnerability in Achievo 1.4.5, caused by an input sanitation error in include.php when handling the HTTP GET parameter field. An attacker can inject arbitrary HTML/JavaScript into a user’s browser. A PoC demonstrates script execution via include.php?field=... The HTB advi...
Multiple vulnerabilities in Achievo
Advisory ID: HTB23126 Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting CWE-79 CVE References:...
Achievo 1.4.5 - Multiple Vulnerabilities (2)
Advisory ID: HTB23126 Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting CWE-79 CVE References:...
Achievo 1.4.5 - Multiple Vulnerabilities (2)
Achievo 1.4.5 - Multiple Vulnerabilities 2 Advisory ID: HTB23126 Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability Type: SQL Injection CWE-89,...
Achievo 1.4.5 Cross Site Scripting / SQL Injection
Advisory ID: HTB23126 Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting CWE-79 CVE References:...
Achievo 1.4.5 Cross Site Scripting / SQL Injection Vulnerabilities
Achievo version 1.4.5 suffers from cross site scripting and remote SQL injection vulnerabilities. Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability...