SQL Injection Vulnerability in ActiveCampaign 1-2-All Broadcast Email: Bypass Authentication and Remote Code Execution

SQL Injection Vulnerability in ActiveCampaign 1-2-All Broadcast Email: Bypass Authentication and Remote Code Execution

CVE-2005-3679 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

SQL injection vulnerability in admin/index.php in ActiveCampaign 1-2-All Broadcast Email allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username field in the admin control panel.

Learn more about our User Device Pen Test.