This weekend I stumbled upon an Achievo install on an Intranet environment and, lo and behold, it had a security vulnerability in it. Actually it had other issues too, like open directories, a misconfiguration that allowed attackers to read all the include files, etcetera. Not the most secure software in the world, and it is seen fairly often on Intranet environments. It’s project management software for time tracking. From what I understand it’s free, or they have a free version, which makes it more attractive to SMBs that offer professional services.
Click here for the live demo of the problem. The example on the Intranet environment that I saw was slightly different: http://ip/?auth_user=%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E
It also looks like it may be vulnerable to SQL injection, although I didn’t press on this issue much due to time constraints. Either way, if you are using this software, I’d recommend putting it behind a basic auth script or something similar to protect your users from being sent there by attackers, and even more so if you run it on your external environment.
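To make the XSS concrete from the defender's side, here is an added example (not Achievo's code, and not from the original post) written as a small Python model: a hypothetical login template that interpolates the `auth_user` parameter raw, the same template with attribute-context HTML encoding, and a log check that URL-decodes request lines so the encoded payload quoted above is visible. The function names, the form markup and the access-log lines are all constructed for the example.

```python
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed: the URL-encoded request from the write-up, as seen in a log.
PAYLOAD_URL = "http://ip/?auth_user=%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E"


def auth_user_from_url(url: str) -> str:
    """Return the URL-decoded auth_user query parameter, or '' if absent."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("auth_user", [""])[0]


def render_login_vulnerable(auth_user: str) -> str:
    """Hypothetical vulnerable template: the parameter lands in the value
    attribute untouched, so a leading double quote closes the attribute
    and the rest of the parameter becomes markup."""
    return ('<form method="post">'
            f'<input type="text" name="auth_user" value="{auth_user}">'
            '</form>')


def render_login_fixed(auth_user: str) -> str:
    """Hardened template: entity-encode for an attribute context.
    quote=True also encodes " and ', so the attribute cannot be closed."""
    safe = html.escape(auth_user, quote=True)
    return ('<form method="post">'
            f'<input type="text" name="auth_user" value="{safe}">'
            '</form>')


def contains_script_element(markup: str) -> bool:
    """True if a real <script> start tag is present (entity-encoded text is not)."""
    return "<script" in markup.lower()


# Constructed Common Log Format lines: one normal login, one carrying the payload.
ACCESS_LOG = """\
10.0.0.5 - - [01/Jan/2008:10:00:00 +0000] "GET /?auth_user=jsmith HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2008:10:00:01 +0000] "GET /?auth_user=%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E HTTP/1.1" 200 640
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) ')
SCRIPT_TAG_RE = re.compile(r"<\s*script", re.IGNORECASE)


def suspicious_requests(log_text: str) -> list:
    """Return log lines whose request path, after URL decoding, carries a
    script tag. Decoding first matters: the raw line shows only %3Cscript."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if match and SCRIPT_TAG_RE.search(unquote(match.group(1))):
            hits.append(line)
    return hits


if __name__ == "__main__":
    value = auth_user_from_url(PAYLOAD_URL)
    print("decoded parameter:", value)
    print("vulnerable render:", render_login_vulnerable(value))
    print("fixed render:     ", render_login_fixed(value))
    for hit in suspicious_requests(ACCESS_LOG):
        print("flagged:", hit)
```

The encoded output is the fix that matters for the bug described here; the log check is only a way to confirm whether anyone has already tried the parameter against your install, which is worth doing before you rely on the basic auth front door alone.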