Unrated severityNVD Advisory· Published May 31, 2006· Updated Apr 16, 2026

CVE-2006-2688

Description

SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter.

Affected products

Achievo/Achievo2 versions
cpe:2.3:a:achievo:achievo:1.1.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:achievo:achievo:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:achievo:achievo:1.2.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/20327nvdPatchVendor Advisory
www.achievo.org/download/releasenotes/1_2_1nvdPatch
bugzilla.achievo.org/show_bug.cginvd
www.osvdb.org/25811nvd
www.securityfocus.com/bid/18171nvd
www.vupen.com/english/advisories/2006/2053nvd
exchange.xforce.ibmcloud.com/vulnerabilities/26755nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000