Title : ActiveCampaign TrioLive "department_id" SQL Injection Vulnerability VUPEN ID : VUPEN/ADV-2008-3125 CVE ID : CVE-2008-5055 - CVE-2008-5056 CWE ID : CWE-79 - CWE-89
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2008-11-12
Technical Description
A vulnerability has been identified in ActiveCampaign TrioLive, which could be exploited by attackers to inject SQL queries or scripting code. This issue is caused by input validation errors in the "department_offline_context.php" script when processing the "department_id" parameter, which could be exploited by malicious people to conduct SQL injection or cross site scripting attacks.
