CVE-2005-3679

Name of the Vulnerable Software and Affected Versions ActiveCampaign versions 1-2-All Broadcast Email

Description The issue allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username field in the admin control panel. This is due to a SQL injection vulnerability in the admin/index.php file.

Recommendations For ActiveCampaign versions 1-2-All Broadcast Email, as a temporary workaround, consider restricting access to the admin control panel to minimize the risk of exploitation. Avoid using the username field in the admin control panel until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.