Vulnerabilities > CVE-2005-3829 - SQL-Injection vulnerability in Activecampaign Knowledgebuilder 2.4

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

activecampaign

NVD

Published: 2005-11-26

Updated: 2011-03-08

Summary

index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an invalid category parameter, which causes a large number of SQL queries to be processed.

Vulnerable Configurations

Part	Description	Count
Application	Activecampaign Activecampaign Knowledgebuilder 2.4	1

References

http://pridels0.blogspot.com/2005/11/activecampaign-knowledgebuilder-vuln.html
http://secunia.com/advisories/17732
http://www.osvdb.org/21098
http://www.vupen.com/english/advisories/2005/2587