PT-2005-4435 · Activecampaign · Activecampaign

Popo

Published

2005-11-18

Updated

2016-10-18

CVE-2005-3679

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ActiveCampaign versions 1-2-All Broadcast Email

Description The issue allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username field in the admin control panel. This is due to a SQL injection vulnerability in the admin/index.php file.

Recommendations For ActiveCampaign versions 1-2-All Broadcast Email, as a temporary workaround, consider restricting access to the admin control panel to minimize the risk of exploitation. Avoid using the username field in the admin control panel until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-3679

Affected Products

Activecampaign

PT-2005-4435 · Activecampaign · Activecampaign

CVE-2005-3679

Related Identifiers

Affected Products

References · 5