Vulnerabilities > CVE-2007-4084 - SQL-Injection vulnerability in Alstrasoft Affiliate Network PRO 8.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to execute arbitrary SQL commands via (1) the pgmid parameter in an uploadProducts action to merchants/index.php and possibly (2) the rowid parameter to merchants/temp.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | AlstraSoft Affiliate Network Pro 8.0 merchants/index.php uploadProducts Action pgmid Parameter SQL Injection. CVE-2007-4084. Webapps exploit for php platform |
id | EDB-ID:30371 |
last seen | 2016-02-03 |
modified | 2007-07-23 |
published | 2007-07-23 |
reporter | Lostmon |
source | https://www.exploit-db.com/download/30371/ |
title | AlstraSoft Affiliate Network Pro 8.0 merchants/index.php uploadProducts Action pgmid Parameter SQL Injection |