4 matches found
CVE-2006-0970
CVE-2006-0970 is a PHP remote file inclusion vulnerability in index.php used by one or more ActiveCampaign products, potentially SupportTrio. The underlying issue is improper handling of the page parameter, allowing attackers to include and execute arbitrary files. The CVSS 2.0 base score is 7.5 ...
CVE-2005-4634
CVE-2005-4634 describes an SQL injection in index.php of ActiveCampaign SupportTrio 1.4, exploitable via the page parameter. The vulnerability is documented with a high impact score (CVSS v2 base 7.5) and network access with no authentication required, causing potential unauthorized database comm...
CVE-2006-1487
CVE-2006-1487 describes a Cross-site scripting (XSS) vulnerability in ActiveCampaign SupportTrio 2.50.2. The flaw allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the KnowledgeBase search module. The NVD reports a CVSS2 base score of 4.3 (MEDIUM) with N...
CVE-2006-1488
ActiveCampaign SupportTrio 2.5 is affected. The issue exposes the server’s full path via error messages when handling (1) invalid article or (2) invalid print parameters in a kb action to index.php, or (3) an invalid category parameter to modules/KB/pdf.php. Root cause: error messages leak path i...