* Achievo 1.4.5 and possibly below.
Achievo is a flexible web-based resource management tool for business environments. Achievo's resource management capabilities will enable organisations to support their business processes in a simple, but effective manner.
Achievo is affected by XSS, LFI and SQL Injection vulnerabilities in version 1.4.5.
http://example.com/achievo-1.4.5/dispatch.php?atknodetype=employee.userprefs&atkaction=edit&atkselector=(SELECT%201%20FROM%20(SELECT%20SLEEP(25))A)&atklevel=-1&atkprevlevel=0&=3 You can read the full article about Cross-Site Scripting, LFI and SQL
Injection vulnerabilities from here:
23/01/2011 - First contact
25/02/2012 - Second contact - No response
01/11/2012 - Advisory released