Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2688

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2006-2688
Last Modified 07 Mar 2011 09:36:46
Published 31 May 2006 06:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2688

Summary

SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter.

Vulnerable Systems

Application

  • Achievo 1.1.0

  • Achievo 1.2.0


References

CONFIRM - http://www.achievo.org/download/releasenotes/1_2_1

SECUNIA - 20327

VUPEN - ADV-2006-2053

CONFIRM - http://bugzilla.achievo.org/show_bug.cgi?id=624

XF - achievo-atkselector-sql-injection(26755)

BID - 18171

OSVDB - 25811


Last Updated: 27 May 2016 10:42:42