3 matches found
PT-2026-49117
Name of the Vulnerable Software and Affected Versions Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms versions prior to 1.1.2 Description An unauthenticated PHP Object Injection issue exists in the software. PHP Object Injection occurs when user-supplied input i...
Active Campaign Exploits Critical Apache Struts 2 Flaw in the Wild
It was only a matter of time before attacks were seen in the wild, and now it’s happened. A known threat actor has mounted a large cryptomining campaign using the recently disclosed Apache Struts 2 critical remote code-execution vulnerability. It uses a new malware designed for persistence and...
LocalTapiola: Brute force unsubscription on /webApp/unsub_sb (viestinta.lahitapiola.fi)
Basic report information Summary: CSRF is an attack that tricks the victim into submitting a malicious request. It inherits the identity and privileges of the victim to perform an undesired function on the victim's behalf Description: Any user subscribed to Active Campaign, or admin too, attacker...