7.5
CVE-2008-5055
- EPSS 0.71%
- Published 13.11.2008 11:30:01
- Last modified 09.04.2025 00:30:58
- Source cve@mitre.org
SQL injection vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to execute arbitrary SQL commands via the department_id parameter to index.php.
Data is provided by the National Vulnerability Database (NVD)
Activecampaign ≫ Triolive Version <= 1.58.6
Activecampaign ≫ Triolive Version 1.0
Activecampaign ≫ Triolive Version 1.03
Activecampaign ≫ Triolive Version 1.04
Activecampaign ≫ Triolive Version 1.05
Activecampaign ≫ Triolive Version 1.06
Activecampaign ≫ Triolive Version 1.07
Activecampaign ≫ Triolive Version 1.08
Activecampaign ≫ Triolive Version 1.09
Activecampaign ≫ Triolive Version 1.10
Activecampaign ≫ Triolive Version 1.11
Activecampaign ≫ Triolive Version 1.12
Activecampaign ≫ Triolive Version 1.13
Activecampaign ≫ Triolive Version 1.14
Activecampaign ≫ Triolive Version 1.15
Activecampaign ≫ Triolive Version 1.16
Activecampaign ≫ Triolive Version 1.17
Activecampaign ≫ Triolive Version 1.18
Activecampaign ≫ Triolive Version 1.19
Activecampaign ≫ Triolive Version 1.20
Activecampaign ≫ Triolive Version 1.21
Activecampaign ≫ Triolive Version 1.22
Activecampaign ≫ Triolive Version 1.23
Activecampaign ≫ Triolive Version 1.24
Activecampaign ≫ Triolive Version 1.25
Activecampaign ≫ Triolive Version 1.26
Activecampaign ≫ Triolive Version 1.27
Activecampaign ≫ Triolive Version 1.28
Activecampaign ≫ Triolive Version 1.29
Activecampaign ≫ Triolive Version 1.30
Activecampaign ≫ Triolive Version 1.31
Activecampaign ≫ Triolive Version 1.32
Activecampaign ≫ Triolive Version 1.33
Activecampaign ≫ Triolive Version 1.34
Activecampaign ≫ Triolive Version 1.35
Activecampaign ≫ Triolive Version 1.36
Activecampaign ≫ Triolive Version 1.37
Activecampaign ≫ Triolive Version 1.39
Activecampaign ≫ Triolive Version 1.40
Activecampaign ≫ Triolive Version 1.41
Activecampaign ≫ Triolive Version 1.42
Activecampaign ≫ Triolive Version 1.50.1
Activecampaign ≫ Triolive Version 1.50.2
Activecampaign ≫ Triolive Version 1.50.3
Activecampaign ≫ Triolive Version 1.50.4
Activecampaign ≫ Triolive Version 1.50.5
Activecampaign ≫ Triolive Version 1.50.6
Activecampaign ≫ Triolive Version 1.55.0
Activecampaign ≫ Triolive Version 1.55.1
Activecampaign ≫ Triolive Version 1.55.2
Activecampaign ≫ Triolive Version 1.56.1
Activecampaign ≫ Triolive Version 1.56.2
Activecampaign ≫ Triolive Version 1.56.3
Activecampaign ≫ Triolive Version 1.56.4
Activecampaign ≫ Triolive Version 1.56.5
Activecampaign ≫ Triolive Version 1.57
Activecampaign ≫ Triolive Version 1.58.0
Activecampaign ≫ Triolive Version 1.58.1
Activecampaign ≫ Triolive Version 1.58.2
Activecampaign ≫ Triolive Version 1.58.3
Activecampaign ≫ Triolive Version 1.58.4
Activecampaign ≫ Triolive Version 1.58.5
Activecampaign ≫ Triolive Version unknown Update beta2
Activecampaign ≫ Triolive Version unknown Update beta3
Activecampaign ≫ Triolive Version unknown Update beta5
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.71% | 0.698 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.