Security Advisory

CVE-2009-2734

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2009-10-16 16:00:00

Last updated 2024-08-07 05:59:57

Assigner mitre

State PUBLISHED

Description

SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php.

← Browse all CVEs View on cve.org ↗