Activecampaign · Activecampaign · CVE-2005-3679
**Name of the Vulnerable Software and Affected Versions**
ActiveCampaign 1-2-All Broadcast Email
**Description**
A SQL injection vulnerability in the `admin/index.php` file allows remote attackers to execute arbitrary SQL commands and bypass authentication via the `username` field in the admin control panel.
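As an added illustration (not code from ActiveCampaign or from `admin/index.php`, which this advisory does not show), the sketch below contrasts a login query built by concatenating the `username` value with one that binds it as a parameter. The table layout, function names and sample credentials are assumptions constructed for the example.

```python
import hashlib
import sqlite3

# Constructed sample data: the table layout and credentials are assumptions,
# not the product's real schema.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, pw_hash TEXT)")
    db.execute("INSERT INTO admins VALUES (?, ?)",
               ("admin", _hash("s3cret-sample")))
    return db

def _hash(password):
    # Plain SHA-256 keeps the sample short; real code should use a password KDF.
    return hashlib.sha256(password.encode()).hexdigest()

def login_concatenated(db, username, password):
    """Flawed pattern: the username becomes part of the SQL text."""
    sql = ("SELECT username FROM admins WHERE username = '" + username +
           "' AND pw_hash = '" + _hash(password) + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username, password):
    """Hardened pattern: values are bound and never parsed as SQL."""
    sql = "SELECT username FROM admins WHERE username = ? AND pw_hash = ?"
    return db.execute(sql, (username, _hash(password))).fetchone() is not None

# Constructed regression input: a quote and comment marker in the username.
TAMPERED_USERNAME = "admin' --"

def compare(db):
    """Run the same tampered input through both login variants."""
    return {
        "concatenated_tampered":
            login_concatenated(db, TAMPERED_USERNAME, "wrong"),
        "parameterized_tampered":
            login_parameterized(db, TAMPERED_USERNAME, "wrong"),
        "parameterized_valid":
            login_parameterized(db, "admin", "s3cret-sample"),
    }

if __name__ == "__main__":
    print(compare(make_db()))
```

With the concatenated query the password condition is never evaluated for the tampered input, which is the authentication bypass the description refers to; the bound query treats the same input as a literal username that matches no row.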
**Recommendations**
As a temporary workaround for ActiveCampaign 1-2-All Broadcast Email, consider restricting access to the admin control panel to minimize the risk of exploitation. Avoid using the `username` field in the admin control panel until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.