製品・ソフトウェアに関する情報

JVN脆弱性詳細

ActiveCampaign TrioLive の department_offline_context.php における SQL インジェクションの脆弱性

タイトル	ActiveCampaign TrioLive の department_offline_context.php における SQL インジェクションの脆弱性
概要	ActiveCampaign TrioLive の department_offline_context.php には、SQL インジェクションの脆弱性が存在します。
想定される影響	第三者により、index.php への department_id パラメータを介して、任意の SQL コマンドを実行されるされる可能性があります。
対策	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
公表日	2008年11月11日0:00
登録日	2012年6月26日16:03
最終更新日	2012年6月26日16:03

CVSS2.0 : 危険
スコア	7.5
ベクター	AV:N/AC:L/Au:N/C:P/I:P/A:P

影響を受けるシステム

activecampaign

triolive 1.58.7 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2008-5055	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5055
National Vulnerability Database (NVD)
2	CVE-2008-5055	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5055

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-89	https://jvndb.jvn.jp/ja/cwe/CWE-89.html

ベンダー情報

No	名前	URL
activecampaign
1	t=4554	http://www.activecampaign.com/forum/showthread.php?t=4554

変更履歴

No	変更内容	変更日
0	[2012年06月26日] 掲載	2018年2月17日10:37

NVD脆弱性情報

CVE-2008-5055

概要	SQL injection vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to execute arbitrary SQL commands via the department_id parameter to index.php.
公表日	2008年11月13日20:30
登録日	2021年1月29日13:45
最終更新日	2017年8月8日10:33

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:activecampaign:triolive:1.0:::::::*
cpe:2.3:a:activecampaign:triolive:1.03:::::::*
cpe:2.3:a:activecampaign:triolive:1.04:::::::*
cpe:2.3:a:activecampaign:triolive:1.05:::::::*
cpe:2.3:a:activecampaign:triolive:1.06:::::::*
cpe:2.3:a:activecampaign:triolive:1.07:::::::*
cpe:2.3:a:activecampaign:triolive:1.08:::::::*
cpe:2.3:a:activecampaign:triolive:1.09:::::::*
cpe:2.3:a:activecampaign:triolive:1.10:::::::*
cpe:2.3:a:activecampaign:triolive:1.11:::::::*
cpe:2.3:a:activecampaign:triolive:1.12:::::::*
cpe:2.3:a:activecampaign:triolive:1.13:::::::*
cpe:2.3:a:activecampaign:triolive:1.14:::::::*
cpe:2.3:a:activecampaign:triolive:1.15:::::::*
cpe:2.3:a:activecampaign:triolive:1.16:::::::*
cpe:2.3:a:activecampaign:triolive:1.17:::::::*
cpe:2.3:a:activecampaign:triolive:1.18:::::::*
cpe:2.3:a:activecampaign:triolive:1.19:::::::*
cpe:2.3:a:activecampaign:triolive:1.20:::::::*
cpe:2.3:a:activecampaign:triolive:1.21:::::::*
cpe:2.3:a:activecampaign:triolive:1.22:::::::*
cpe:2.3:a:activecampaign:triolive:1.23:::::::*
cpe:2.3:a:activecampaign:triolive:1.24:::::::*
cpe:2.3:a:activecampaign:triolive:1.25:::::::*
cpe:2.3:a:activecampaign:triolive:1.26:::::::*
cpe:2.3:a:activecampaign:triolive:1.27:::::::*
cpe:2.3:a:activecampaign:triolive:1.28:::::::*
cpe:2.3:a:activecampaign:triolive:1.29:::::::*
cpe:2.3:a:activecampaign:triolive:1.30:::::::*
cpe:2.3:a:activecampaign:triolive:1.31:::::::*
cpe:2.3:a:activecampaign:triolive:1.32:::::::*
cpe:2.3:a:activecampaign:triolive:1.33:::::::*
cpe:2.3:a:activecampaign:triolive:1.34:::::::*
cpe:2.3:a:activecampaign:triolive:1.35:::::::*
cpe:2.3:a:activecampaign:triolive:1.36:::::::*
cpe:2.3:a:activecampaign:triolive:1.37:::::::*
cpe:2.3:a:activecampaign:triolive:1.39:::::::*
cpe:2.3:a:activecampaign:triolive:1.40:::::::*
cpe:2.3:a:activecampaign:triolive:1.41:::::::*
cpe:2.3:a:activecampaign:triolive:1.42:::::::*
cpe:2.3:a:activecampaign:triolive:1.50.1:::::::*
cpe:2.3:a:activecampaign:triolive:1.50.2:::::::*
cpe:2.3:a:activecampaign:triolive:1.50.3:::::::*
cpe:2.3:a:activecampaign:triolive:1.50.4:::::::*
cpe:2.3:a:activecampaign:triolive:1.50.5:::::::*
cpe:2.3:a:activecampaign:triolive:1.50.6:::::::*
cpe:2.3:a:activecampaign:triolive:1.55.0:::::::*
cpe:2.3:a:activecampaign:triolive:1.55.1:::::::*
cpe:2.3:a:activecampaign:triolive:1.55.2:::::::*
cpe:2.3:a:activecampaign:triolive:1.56.1:::::::*
cpe:2.3:a:activecampaign:triolive:1.56.2:::::::*
cpe:2.3:a:activecampaign:triolive:1.56.3:::::::*
cpe:2.3:a:activecampaign:triolive:1.56.4:::::::*
cpe:2.3:a:activecampaign:triolive:1.56.5:::::::*
cpe:2.3:a:activecampaign:triolive:1.57:::::::*
cpe:2.3:a:activecampaign:triolive:1.58.0:::::::*
cpe:2.3:a:activecampaign:triolive:1.58.1:::::::*
cpe:2.3:a:activecampaign:triolive:1.58.2:::::::*
cpe:2.3:a:activecampaign:triolive:1.58.3:::::::*
cpe:2.3:a:activecampaign:triolive:1.58.4:::::::*
cpe:2.3:a:activecampaign:triolive:1.58.5:::::::*
cpe:2.3:a:activecampaign:triolive::::::::		1.58.6
cpe:2.3:a:activecampaign:triolive:unknown:beta2::::::
cpe:2.3:a:activecampaign:triolive:unknown:beta3::::::
cpe:2.3:a:activecampaign:triolive:unknown:beta5::::::

構成1	以上	以下	より上	未満
cpe:2.3:a:activecampaign:triolive:1.0:::::::*
cpe:2.3:a:activecampaign:triolive:1.03:::::::*
cpe:2.3:a:activecampaign:triolive:1.04:::::::*
cpe:2.3:a:activecampaign:triolive:1.05:::::::*
cpe:2.3:a:activecampaign:triolive:1.06:::::::*
cpe:2.3:a:activecampaign:triolive:1.07:::::::*
cpe:2.3:a:activecampaign:triolive:1.08:::::::*
cpe:2.3:a:activecampaign:triolive:1.09:::::::*
cpe:2.3:a:activecampaign:triolive:1.10:::::::*
cpe:2.3:a:activecampaign:triolive:1.11:::::::*
cpe:2.3:a:activecampaign:triolive:1.12:::::::*
cpe:2.3:a:activecampaign:triolive:1.13:::::::*
cpe:2.3:a:activecampaign:triolive:1.14:::::::*
cpe:2.3:a:activecampaign:triolive:1.15:::::::*
cpe:2.3:a:activecampaign:triolive:1.16:::::::*
cpe:2.3:a:activecampaign:triolive:1.17:::::::*
cpe:2.3:a:activecampaign:triolive:1.18:::::::*
cpe:2.3:a:activecampaign:triolive:1.19:::::::*
cpe:2.3:a:activecampaign:triolive:1.20:::::::*
cpe:2.3:a:activecampaign:triolive:1.21:::::::*
cpe:2.3:a:activecampaign:triolive:1.22:::::::*
cpe:2.3:a:activecampaign:triolive:1.23:::::::*
cpe:2.3:a:activecampaign:triolive:1.24:::::::*
cpe:2.3:a:activecampaign:triolive:1.25:::::::*
cpe:2.3:a:activecampaign:triolive:1.26:::::::*
cpe:2.3:a:activecampaign:triolive:1.27:::::::*
cpe:2.3:a:activecampaign:triolive:1.28:::::::*
cpe:2.3:a:activecampaign:triolive:1.29:::::::*
cpe:2.3:a:activecampaign:triolive:1.30:::::::*
cpe:2.3:a:activecampaign:triolive:1.31:::::::*
cpe:2.3:a:activecampaign:triolive:1.32:::::::*
cpe:2.3:a:activecampaign:triolive:1.33:::::::*
cpe:2.3:a:activecampaign:triolive:1.34:::::::*
cpe:2.3:a:activecampaign:triolive:1.35:::::::*
cpe:2.3:a:activecampaign:triolive:1.36:::::::*
cpe:2.3:a:activecampaign:triolive:1.37:::::::*
cpe:2.3:a:activecampaign:triolive:1.39:::::::*
cpe:2.3:a:activecampaign:triolive:1.40:::::::*
cpe:2.3:a:activecampaign:triolive:1.41:::::::*
cpe:2.3:a:activecampaign:triolive:1.42:::::::*
cpe:2.3:a:activecampaign:triolive:1.50.1:::::::*
cpe:2.3:a:activecampaign:triolive:1.50.2:::::::*
cpe:2.3:a:activecampaign:triolive:1.50.3:::::::*
cpe:2.3:a:activecampaign:triolive:1.50.4:::::::*
cpe:2.3:a:activecampaign:triolive:1.50.5:::::::*
cpe:2.3:a:activecampaign:triolive:1.50.6:::::::*
cpe:2.3:a:activecampaign:triolive:1.55.0:::::::*
cpe:2.3:a:activecampaign:triolive:1.55.1:::::::*
cpe:2.3:a:activecampaign:triolive:1.55.2:::::::*
cpe:2.3:a:activecampaign:triolive:1.56.1:::::::*
cpe:2.3:a:activecampaign:triolive:1.56.2:::::::*
cpe:2.3:a:activecampaign:triolive:1.56.3:::::::*
cpe:2.3:a:activecampaign:triolive:1.56.4:::::::*
cpe:2.3:a:activecampaign:triolive:1.56.5:::::::*
cpe:2.3:a:activecampaign:triolive:1.57:::::::*
cpe:2.3:a:activecampaign:triolive:1.58.0:::::::*
cpe:2.3:a:activecampaign:triolive:1.58.1:::::::*
cpe:2.3:a:activecampaign:triolive:1.58.2:::::::*
cpe:2.3:a:activecampaign:triolive:1.58.3:::::::*
cpe:2.3:a:activecampaign:triolive:1.58.4:::::::*
cpe:2.3:a:activecampaign:triolive:1.58.5:::::::*
cpe:2.3:a:activecampaign:triolive::::::::		1.58.6
cpe:2.3:a:activecampaign:triolive:unknown:beta2::::::
cpe:2.3:a:activecampaign:triolive:unknown:beta3::::::
cpe:2.3:a:activecampaign:triolive:unknown:beta5::::::

No	URL	refsource	タグ
1	http://activecampaign.com/support/forum/showthread.php?t=4554	CONFIRM	Patch
2	http://holisticinfosec.org/content/view/93/45/	MISC
3	http://osvdb.org/49825	OSVDB
4	http://secunia.com/advisories/32703	SECUNIA	Patch Vendor Advisory
5	http://www.securityfocus.com/bid/32268	BID
6	http://www.vupen.com/english/advisories/2008/3125	VUPEN
7	https://exchange.xforce.ibmcloud.com/vulnerabilities/46557	XF