Lucene search

[email protected]CVE-2007-4084

HistoryJul 30, 2007 - 5:30 p.m.

CVE-2007-4084

2007-07-3017:30:00

[email protected]

web.nvd.nist.gov

alstrasoft affiliate network pro

sql injection

remote attack

arbitrary commands

nvd

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.4%

JSON

Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to execute arbitrary SQL commands via (1) the pgmid parameter in an uploadProducts action to merchants/index.php and possibly (2) the rowid parameter to merchants/temp.php.

Affected configurations

NVD

Node

alstrasoftaffiliate_network_proMatch8.0

CPENameOperatorVersion
alstrasoft:affiliate_network_proalstrasoft affiliate network proeq8.0

CPE	Name	Operator	Version
alstrasoft:affiliate_network_pro	alstrasoft affiliate network pro	eq	8.0

References

lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html

osvdb.org/37869

osvdb.org/37870

www.securityfocus.com/bid/25026

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.4%

JSON

Related for CVE-2007-4084

prion1 cvelist1 nvd1