activecampaign 漏洞与 CVE 列表(16)

产品(CPE): — CVE 数: 16

activecampaign 漏洞概览

汇总 activecampaign 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。

历史漏洞主要涉及 SQL 注入与跨站脚本 等问题,部分漏洞可能导致 数据泄露,并影响 生产负载与软件部署 相关场景。

相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势(近 24 个月)

显示 11616 CVE 数
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2024-32430 Server-Side Request Forgery (SSRF) vulnerability in ActiveCampaign.This issue affects ActiveCampaign: from n/a through 8.1.14. [email protected] 4.4 0.35% 2024-04-15 2026-06-17
CVE-2023-0233 The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks [email protected] 5.4 0.46% 2023-05-15 2026-06-17
CVE-2022-3923 The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does not have authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscriber to call it and remove error logs. [email protected] 4.3 0.48% 2023-01-09 2026-06-17
CVE-2021-24133 Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions before 8.0.2, on its Settings form, which could allow attacker to make a logged-in administrator change API Credentials to attacker's account. [email protected] 4.3 0.47% 2021-03-18 2026-06-16
CVE-2008-5056 Cross-site scripting (XSS) vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to inject arbitrary web script or HTML via the department_id parameter to index.php. [email protected] 4.3 1.06% 2008-11-13 2026-06-16
CVE-2008-5055 SQL injection vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to execute arbitrary SQL commands via the department_id parameter to index.php. [email protected] 7.5 1.30% 2008-11-13 2026-06-16
CVE-2007-2630 Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All (aka 12All) 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and .php5 files via unspecified vectors. NOTE: this issue is reachable through filemanager/browser/default/browser.html. [email protected] 6.5 1.31% 2007-05-11 2026-06-16
CVE-2006-5919 PHP remote file inclusion vulnerability in admin/e_data/visEdit_control.class.php in ActiveCampaign KnowledgeBuilder 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the visEdit_root parameter, a different vector than CVE-2003-1131. [email protected] 7.5 3.14% 2006-11-15 2026-06-16
CVE-2006-1488 ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the full path of the server via invalid (1) article or (2) print parameters in a kb action to index.php, or (3) an invalid category parameter to modules/KB/pdf.php, which leaks the path in an error message. [email protected] 5.0 1.53% 2006-03-28 2026-06-16
CVE-2006-1487 Cross-site scripting (XSS) vulnerability in ActiveCampaign SupportTrio 2.50.2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the KnowledgeBase search module. [email protected] 4.3 1.88% 2006-03-28 2026-06-16
CVE-2006-0970 PHP remote file inclusion vulnerability in index.php in one or more ActiveCampaign products, possibly SupportTrio, allows remote attackers to include and execute arbitrary files via the page parameter. [email protected] 7.5 1.51% 2006-03-03 2026-06-16
CVE-2005-4634 SQL injection vulnerability in index.php in ActiveCampaign SupportTrio 1.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the provenance of this information is unknown because the source URL is not available; the details are obtained solely from third party information. [email protected] 7.5 1.18% 2005-12-31 2026-06-16
CVE-2005-3829 index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an invalid category parameter, which causes a large number of SQL queries to be processed. [email protected] 7.8 1.85% 2005-11-26 2026-06-16
CVE-2005-3828 SQL injection vulnerability in index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the article parameter. [email protected] 7.5 1.21% 2005-11-26 2026-06-16
CVE-2005-3679 SQL injection vulnerability in admin/index.php in ActiveCampaign 1-2-All Broadcast Email allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username field in the admin control panel. [email protected] 7.5 1.26% 2005-11-18 2026-06-16
CVE-2003-1131 PHP remote file inclusion vulnerability in index.php in KnowledgeBuilder, referred to as KnowledgeBase, allows remote attackers to execute arbitrary PHP code by modifying the page parameter to reference a URL on a remote web server that contains the code. [email protected] 7.5 3.43% 2003-12-31 2026-06-16
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
cvelogic Threat Intelligence