NuytsTech Security

CVE-2009-2734

by ·

SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php.

Date published : 2009-10-16

http://www.securityfocus.com/bid/36660

http://www.securityfocus.com/archive/1/507131/100/0/threaded

Tags: