Vulnerabilities > CVE-2005-3796 - Unspecified vulnerability in Alstrasoft Affiliate Network PRO 7.2
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Direct static code injection vulnerability in admin_options_manage.php in AlstraSoft Affiliate Network Pro 7.2 allows attackers to execute arbitrary PHP code via the number parameter. NOTE: it is not clear from the original report whether administrator privileges are required. If not, then this does not cross privilege boundaries and is not a vulnerability.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://marc.info/?l=bugtraq&m=113209435819541&w=2
- http://marc.info/?l=bugtraq&m=113209435819541&w=2
- http://myblog.it-security23.net/?postid=5
- http://myblog.it-security23.net/?postid=5
- http://secunia.com/advisories/17605/
- http://secunia.com/advisories/17605/
- http://securityreason.com/securityalert/184
- http://securityreason.com/securityalert/184
- http://www.osvdb.org/20890
- http://www.osvdb.org/20890
- http://www.vupen.com/english/advisories/2005/2455
- http://www.vupen.com/english/advisories/2005/2455
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23076
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23076