Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5055

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-5055
Last Modified 30 Oct 2012 11:06:40
Published 13 Nov 2008 06:30:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5055

Summary

SQL injection vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to execute arbitrary SQL commands via the department_id parameter to index.php.

Vulnerable Systems

Application

  • Activecampaign Triolive 1.0

  • Activecampaign Triolive 1.03

  • Activecampaign Triolive 1.04

  • Activecampaign Triolive 1.05

  • Activecampaign Triolive 1.06

  • Activecampaign Triolive 1.07

  • Activecampaign Triolive 1.08

  • Activecampaign Triolive 1.09

  • Activecampaign Triolive 1.10

  • Activecampaign Triolive 1.11

  • Activecampaign Triolive 1.12

  • Activecampaign Triolive 1.13

  • Activecampaign Triolive 1.14

  • Activecampaign Triolive 1.15

  • Activecampaign Triolive 1.16

  • Activecampaign Triolive 1.17

  • Activecampaign Triolive 1.18

  • Activecampaign Triolive 1.19

  • Activecampaign Triolive 1.20

  • Activecampaign Triolive 1.21

  • Activecampaign Triolive 1.22

  • Activecampaign Triolive 1.23

  • Activecampaign Triolive 1.24

  • Activecampaign Triolive 1.25

  • Activecampaign Triolive 1.26

  • Activecampaign Triolive 1.27

  • Activecampaign Triolive 1.28

  • Activecampaign Triolive 1.29

  • Activecampaign Triolive 1.30

  • Activecampaign Triolive 1.31

  • Activecampaign Triolive 1.32

  • Activecampaign Triolive 1.33

  • Activecampaign Triolive 1.34

  • Activecampaign Triolive 1.35

  • Activecampaign Triolive 1.36

  • Activecampaign Triolive 1.37

  • Activecampaign Triolive 1.39

  • Activecampaign Triolive 1.40

  • Activecampaign Triolive 1.41

  • Activecampaign Triolive 1.42

  • Activecampaign Triolive 1.50.1

  • Activecampaign Triolive 1.50.2

  • Activecampaign Triolive 1.50.3

  • Activecampaign Triolive 1.50.4

  • Activecampaign Triolive 1.50.5

  • Activecampaign Triolive 1.50.6

  • Activecampaign Triolive 1.55.0

  • Activecampaign Triolive 1.55.1

  • Activecampaign Triolive 1.55.2

  • Activecampaign Triolive 1.56.1

  • Activecampaign Triolive 1.56.2

  • Activecampaign Triolive 1.56.3

  • Activecampaign Triolive 1.56.4

  • Activecampaign Triolive 1.56.5

  • Activecampaign Triolive 1.57

  • Activecampaign Triolive 1.58.0

  • Activecampaign Triolive 1.58.1

  • Activecampaign Triolive 1.58.2

  • Activecampaign Triolive 1.58.3

  • Activecampaign Triolive 1.58.4

  • Activecampaign Triolive 1.58.5

  • Activecampaign Triolive 1.58.6

  • Activecampaign Triolive Unknown


References

SECUNIA - 32703

CONFIRM - http://activecampaign.com/support/forum/showthread.php?t=4554

XF - triolive-index-sql-injection(46557)

VUPEN - ADV-2008-3125

MISC - http://holisticinfosec.org/content/view/93/45/

BID - 32268

OSVDB - 49825


Last Updated: 27 May 2016 10:49:46