Vulnerability Description
SQL injection vulnerability in admin/index.php in ActiveCampaign 1-2-All Broadcast Email allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username field in the admin control panel.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Activecampaign | 1-2-All Broadcast Email | 4.07 |
References
- http://marc.info/?l=bugtraq&m=113201260613863&w=2
- http://www.osvdb.org/20949
- http://www.securityfocus.com/bid/15400/Exploit
- http://marc.info/?l=bugtraq&m=113201260613863&w=2
- http://www.osvdb.org/20949
- http://www.securityfocus.com/bid/15400/Exploit
FAQ
What is CVE-2005-3679?
CVE-2005-3679 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in admin/index.php in ActiveCampaign 1-2-All Broadcast Email allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username field in t...
How severe is CVE-2005-3679?
CVE-2005-3679 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3679?
Check the references section above for vendor advisories and patch information. Affected products include: Activecampaign 1-2-All Broadcast Email.