HTTP: ActiveCampaign 1-2-All Broadcast Email 4.0.0 7 SQL Injection
This signature detects attempts to exploit a known SQL Injection vulnerability in the ActiveCampaign 1-2-All Broadcast Email web-based email marketing application. It is due to insufficient validation of user-supplied input. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
Extended Description
ActiveCampaign 1-2-All Broadcast Email is prone to an SQL-injection vulnerability. This is an input-validation issue related to data that will be used in SQL queries, allowing a remote user to influence the structure and logic of a query. Successful attacks could compromise the software. Depending on the database implementation and the nature of the affected query, the attacker may be able to gain unauthorized access to the database.
Affected Products
Activecampaign 1-2-all_broadcast_email
Short Name
HTTP:SQL:INJ:ACTIVECAMPAIGN
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
1-2-All 4.0.0 7 ActiveCampaign Broadcast CVE-2005-3679 Email Injection SQL bid:15400
Release Date
04/29/2013
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Activecampaign
CVSS Score
7.5