fkie_nvd - fkie_cve-2009-2734

fkie_cve-2009-2734

Vulnerability from fkie_nvd

Published

2009-10-16 16:30

Modified

2025-04-09 00:30

Severity ?

Summary

SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/37035	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1023017
cve@mitre.org	http://www.achievo.org/download/releasenotes/1_4_0	Patch
cve@mitre.org	http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt	Exploit
cve@mitre.org	http://www.securityfocus.com/archive/1/507131/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/36660	Exploit
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/53743
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37035	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1023017
af854a3a-2127-422b-91ae-364da2661108	http://www.achievo.org/download/releasenotes/1_4_0	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/507131/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36660	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/53743

Impacted products

Vendor	Product	Version
achievo	achievo	*
achievo	achievo	0.7.0
achievo	achievo	0.7.1
achievo	achievo	0.7.2
achievo	achievo	0.7.3
achievo	achievo	0.8.0
achievo	achievo	0.8.0_rc1
achievo	achievo	0.8.0_rc2
achievo	achievo	0.8.1
achievo	achievo	0.9.0
achievo	achievo	0.9.1
achievo	achievo	1.0.0
achievo	achievo	1.0.0
achievo	achievo	1.0.0
achievo	achievo	1.0.0
achievo	achievo	1.0.1
achievo	achievo	1.0.2
achievo	achievo	1.0.3
achievo	achievo	1.0.4
achievo	achievo	1.1.0
achievo	achievo	1.1.0
achievo	achievo	1.1.0
achievo	achievo	1.1.0
achievo	achievo	1.2.0
achievo	achievo	1.2.0
achievo	achievo	1.2.1
achievo	achievo	1.3.0
achievo	achievo	1.3.0
achievo	achievo	1.3.0
achievo	achievo	1.3.1
achievo	achievo	1.3.2
achievo	achievo	1.3.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:achievo:achievo:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF54DB83-0DA5-41B7-89C0-AED8BFB98412",
              "versionEndIncluding": "1.3.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51E5D3DE-9D27-47B8-AEBE-0A0100389D65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "819F0D23-FA81-4558-9F33-B48749269FE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3EB2D06-61A0-4000-8C04-FAA86C1F6CD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDAF7860-994A-4566-926D-5194FC970F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AC2E5B0-F4F0-4DFE-A4F6-3F3429B0AC48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:0.8.0_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D48115CA-3564-4F90-8085-5DA848A81B75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:0.8.0_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0000135-28EF-4E6E-9E64-85A672B420F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF133D4-427D-46DD-95F5-88E3AC9EEB60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "93DC3C06-2069-436B-BB29-5EAA412FF165",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFFF94E2-9071-408A-AAEA-6ABDCDD1CDDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6519E24E-D08B-4176-A21D-6231567CF149",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FC0F696B-60E7-4560-A03D-627993F77279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5639EDD0-DA0B-419E-9DDE-746C1B2AF8C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9FDAF1F0-7498-4F64-B0E4-9542DA7BAEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C37FD450-1AF0-4DBF-BECB-73F584F49BDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "356CC90D-9078-4943-B97C-4BEA3CBF1EF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A3DFF52-2035-43D3-935D-EE6A122A59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4BF2551-8009-40BB-9541-3885C8D93B1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5D5AEF1-38CE-4B89-A15A-89D9BF3BEA55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "804AC3CE-270F-47EC-B501-75B296A99424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "59B2745F-D0AA-426B-AA95-C2F0D2AA1774",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "00D07959-FE90-4907-9BAE-7C72DFD0D3F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8633CE2A-7814-4963-BB65-B4499BBA5186",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B82CEEC2-19AF-4175-A0E4-0F97F875B192",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B9C0B0D-5E4A-45BD-9150-90FC615357EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B835A00C-FFEA-4A88-ABD3-1C17A2FDC96F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9FCA1AFB-11FC-4484-937C-0160C10B21F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "3BF4DC9F-E62B-470F-AD63-818554544769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "951EC99D-4FFB-4388-AAF0-84A60A67AC3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D901628D-D446-45EE-B131-EAA04D48A352",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:achievo:achievo:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "119EB712-D1E9-4AFC-A9C2-D33E1FE10F38",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en la funci\u00f3n de get_employee en classweekreport.inc en Achievo anterior a v1.4.0 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s del par\u00e1metro userid (alias variable user_id) en dispatch.php."
    }
  ],
  "id": "CVE-2009-2734",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-10-16T16:30:00.563",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37035"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1023017"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.achievo.org/download/releasenotes/1_4_0"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/507131/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/36660"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023017"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.achievo.org/download/releasenotes/1_4_0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/507131/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/36660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53743"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2009-2734 (GCVE-0-2009-2734)

Vulnerability from cvelistv5

Published

2009-10-16 16:00