Vulnerabilities > CVE-2005-3909 - SQL Injection vulnerability in Post Affiliate Pro

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
post-affiliate-pro
exploit available

Summary

SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the sortorder parameter.

Vulnerable Configurations

Part Description Count
Application
Post_Affiliate_Pro
1

Exploit-Db

descriptionPost Affiliate Pro 2.0.4 Index.PHP SQL Injection Vulnerability. CVE-2005-3909. Webapps exploit for php platform
idEDB-ID:26652
last seen2016-02-03
modified2005-11-29
published2005-11-29
reporterr0t
sourcehttps://www.exploit-db.com/download/26652/
titlePost Affiliate Pro 2.0.4 Index.PHP SQL Injection Vulnerability