Vulnerabilities > CVE-2007-4084 - SQL-Injection vulnerability in Alstrasoft Affiliate Network PRO 8.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
alstrasoft
exploit available
NVD
Published: 2007-07-30
Updated: 2008-11-15

Summary

Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to execute arbitrary SQL commands via (1) the pgmid parameter in an uploadProducts action to merchants/index.php and possibly (2) the rowid parameter to merchants/temp.php.

Vulnerable Configurations

Part Description Count
Application
Alstrasoft
1

Exploit-Db

descriptionAlstraSoft Affiliate Network Pro 8.0 merchants/index.php uploadProducts Action pgmid Parameter SQL Injection. CVE-2007-4084. Webapps exploit for php platform
idEDB-ID:30371
last seen2016-02-03
modified2007-07-23
published2007-07-23
reporterLostmon
sourcehttps://www.exploit-db.com/download/30371/
titleAlstraSoft Affiliate Network Pro 8.0 merchants/index.php uploadProducts Action pgmid Parameter SQL Injection

References