Signature Detail
Short Name |
HTTP:SQL:INJ:ACTIVECAMPAIGN |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
ActiveCampaign 1-2-All Broadcast Email 4.0.0 7 SQL Injection |
Release Date |
2013/04/29 |
Update Number |
2258 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: ActiveCampaign 1-2-All Broadcast Email 4.0.0 7 SQL Injection
This signature detects attempts to exploit a known SQL Injection vulnerability in the ActiveCampaign 1-2-All Broadcast Email web-based email marketing application. It is due to insufficient validation of user-supplied input. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
Extended Description
ActiveCampaign 1-2-All Broadcast Email is prone to an SQL-injection vulnerability. This is an input-validation issue related to data that will be used in SQL queries, allowing a remote user to influence the structure and logic of a query. Successful attacks could compromise the software. Depending on the database implementation and the nature of the affected query, the attacker may be able to gain unauthorized access to the database.
Affected Products
- ActiveCampaign 1-2-All Broadcast Email 4.0.0 7
References
- BugTraq: 15400
- CVE: CVE-2005-3679