From: Support Service
To: moderators@osvdb.org
Date: Thu, 24 Nov 2005 10:07:23 -0500
Subject: [OSVDB Mods] ActiveCampaign KnowledgeBuilder Vuln.

ActiveCampaign KnowledgeBuilder Vuln.

Vuln. discovered by: r0t
Date: 24 Nov. 2005
Original advisory: http://pridels.blogspot.com/2005/11/activecampaign-knowledgebuilder-vuln.html
Vendor: http://www.activecampaign.com/kb/
KnowledgeBuilder Version: 2.4 and prior

Vuln. description:

1. Input passed to the "article" parameter in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

example:
http://host/KnowledgeBuilder/index.php?article=[SQL]

2. Input passed to the "category" parameter in "index.php" isn't properly sanitised before being used in a SQL query. This reveals the full path to an attacker, which can be used for other attack types.

example:
http://host//KnowledgeBuilder/index.php?category=[Full Path Disclosure]

Solution:
Edit the source code to ensure that input is properly sanitised.
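
One way to apply the solution above, as an added example that is not part of the original advisory and not ActiveCampaign's code: validate the parameter as an integer, bind it in a prepared statement, and keep PHP and database error text (the source of the full path) out of the response. It assumes "article" is a numeric id (the same check would apply to "category" under that assumption); the function names, the articles table and the sample data are hypothetical.

```php
<?php
// Added example, not ActiveCampaign's code; table/column names and sample data are assumptions.
ini_set('display_errors', '0');   // keep PHP error text, which carries full paths, out of responses
ini_set('log_errors', '1');

/** Return the parameter as a positive integer, or null for anything else. */
function intParam(array $query, string $name): ?int
{
    $raw = $query[$name] ?? null;
    // Reject a missing value or array input such as ?article[]=1.
    if (!is_string($raw)) { return null; }
    $value = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $value === false ? null : $value;
}

/** Look up one article with a bound parameter; the SQL text never contains user input. */
function fetchArticle(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Map a request to a status code and body without echoing database or PHP errors. */
function handle(PDO $db, array $query): array
{
    $id = intParam($query, 'article');
    if ($id === null) {
        return [400, 'Invalid article id'];
    }
    try {
        $row = fetchArticle($db, $id);
    } catch (PDOException $e) {
        error_log($e->getMessage());   // detail goes to the server log only
        return [500, 'Internal error'];
    }
    return $row === null ? [404, 'Not found'] : [200, $row['title']];
}

// Constructed sample data and requests.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO articles VALUES (1, 'Getting started')");
foreach ([['article' => '1'], ['article' => "1'"], ['article' => ['1']], ['article' => '99']] as $q) {
    [$status, $body] = handle($db, $q);
    echo $status, ' ', $body, PHP_EOL;
}
```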