CVE-2006-2688

Published: May 31, 2006Modified: Apr 16, 2026

6.4

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability: 10.0 / Impact: 4.9

Source: NVD

Description

SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter.

Affected (2)

Products: Achievo: Achievo

Achievo

1 product

Achievo

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Achievo Achievo	Version 1.1.0
Achievo Achievo	Version 1.2.0

References (14)

http://bugzilla.achievo.org/show_bug.cgi?id=624

Source: cve@mitre.org

http://secunia.com/advisories/20327

Source: cve@mitre.org

PatchVendor Advisory

http://www.achievo.org/download/releasenotes/1_2_1

Source: cve@mitre.org

Patch

http://www.osvdb.org/25811

Source: cve@mitre.org

http://www.securityfocus.com/bid/18171

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/2053

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/26755

Source: cve@mitre.org

http://bugzilla.achievo.org/show_bug.cgi?id=624