Vulnerabilities > CVE-2005-3796 - Remote Security vulnerability in Alstrasoft Affiliate Network PRO 7.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Direct static code injection vulnerability in admin_options_manage.php in AlstraSoft Affiliate Network Pro 7.2 allows attackers to execute arbitrary PHP code via the number parameter. NOTE: it is not clear from the original report whether administrator privileges are required. If not, then this does not cross privilege boundaries and is not a vulnerability.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://marc.info/?l=bugtraq&m=113209435819541&w=2
- http://myblog.it-security23.net/?postid=5
- http://secunia.com/advisories/17605/
- http://securityreason.com/securityalert/184
- http://www.osvdb.org/20890
- http://www.vupen.com/english/advisories/2005/2455
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23076