CVE-2008-5055

Description

SQL injection vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to execute arbitrary SQL commands via the department_id parameter to index.php.

Affected products

• activecampaign / triolive1.58.6
• activecampaign / triolive1.0 – 1.0
• activecampaign / triolive1.03 – 1.03
• activecampaign / triolive1.04 – 1.04
• activecampaign / triolive1.05 – 1.05
• activecampaign / triolive1.06 – 1.06
• activecampaign / triolive1.07 – 1.07
• activecampaign / triolive1.08 – 1.08
• activecampaign / triolive1.09 – 1.09
• activecampaign / triolive1.10 – 1.10
• activecampaign / triolive1.11 – 1.11
• activecampaign / triolive1.12 – 1.12
• activecampaign / triolive1.13 – 1.13
• activecampaign / triolive1.14 – 1.14
• activecampaign / triolive1.15 – 1.15
• activecampaign / triolive1.16 – 1.16
• activecampaign / triolive1.17 – 1.17
• activecampaign / triolive1.18 – 1.18
• activecampaign / triolive1.19 – 1.19
• activecampaign / triolive1.20 – 1.20
• activecampaign / triolive1.21 – 1.21
• activecampaign / triolive1.22 – 1.22
• activecampaign / triolive1.23 – 1.23
• activecampaign / triolive1.24 – 1.24
• activecampaign / triolive1.25 – 1.25
• activecampaign / triolive1.26 – 1.26
• activecampaign / triolive1.27 – 1.27
• activecampaign / triolive1.28 – 1.28
• activecampaign / triolive1.29 – 1.29
• activecampaign / triolive1.30 – 1.30
• activecampaign / triolive1.31 – 1.31
• activecampaign / triolive1.32 – 1.32
• activecampaign / triolive1.33 – 1.33
• activecampaign / triolive1.34 – 1.34
• activecampaign / triolive1.35 – 1.35
• activecampaign / triolive1.36 – 1.36
• activecampaign / triolive1.37 – 1.37
• activecampaign / triolive1.39 – 1.39
• activecampaign / triolive1.40 – 1.40
• activecampaign / triolive1.41 – 1.41
• activecampaign / triolive1.42 – 1.42
• activecampaign / triolive1.50.1 – 1.50.1
• activecampaign / triolive1.50.2 – 1.50.2
• activecampaign / triolive1.50.3 – 1.50.3
• activecampaign / triolive1.50.4 – 1.50.4
• activecampaign / triolive1.50.5 – 1.50.5
• activecampaign / triolive1.50.6 – 1.50.6
• activecampaign / triolive1.55.0 – 1.55.0
• activecampaign / triolive1.55.1 – 1.55.1
• activecampaign / triolive1.55.2 – 1.55.2
• activecampaign / triolive1.56.1 – 1.56.1
• activecampaign / triolive1.56.2 – 1.56.2
• activecampaign / triolive1.56.3 – 1.56.3
• activecampaign / triolive1.56.4 – 1.56.4
• activecampaign / triolive1.56.5 – 1.56.5
• activecampaign / triolive1.57 – 1.57
• activecampaign / triolive1.58.0 – 1.58.0
• activecampaign / triolive1.58.1 – 1.58.1
• activecampaign / triolive1.58.2 – 1.58.2
• activecampaign / triolive1.58.3 – 1.58.3
• activecampaign / triolive1.58.4 – 1.58.4
• activecampaign / triolive1.58.5 – 1.58.5
• activecampaign / trioliveunknown – unknown
• activecampaign / trioliveunknown – unknown
• activecampaign / trioliveunknown – unknown

References

• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2008/3125
• MISChttp://www.securityfocus.com/bid/32268
• MISChttp://activecampaign.com/support/forum/showthread.php?t=4554
• VENDOR_ADVISORYhttp://secunia.com/advisories/32703
• MISChttp://holisticinfosec.org/content/view/93/45/
• MISChttp://osvdb.org/49825
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/46557