CVE-2006-2688 Information

Description

SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter.

Reference

http://bugzilla.achievo.org/show_bug.cgi?id=624 http://secunia.com/advisories/20327 http://www.achievo.org/download/releasenotes/1_2_1 http://www.osvdb.org/25811 http://www.securityfocus.com/bid/18171 http://www.vupen.com/english/advisories/2006/2053 https://exchange.xforce.ibmcloud.com/vulnerabilities/26755