Vulnerabilities > CVE-2007-4085 - SQL-Injection vulnerability in AskMe Pro

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
alstrasoft
exploit available

Summary

Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to execute arbitrary SQL commands via the (1) que_id parameter to forum_answer.php or (2) the cat_id parameter to search.php.

Vulnerable Configurations

Part Description Count
Application
Alstrasoft
1

Exploit-Db

descriptionAskMe Pro 2.1 (que_id) SQL Injection Vulnerability. CVE-2007-4085. Webapps exploit for php platform
idEDB-ID:12372
last seen2016-02-01
modified2010-04-24
published2010-04-24
reporterv3n0m
sourcehttps://www.exploit-db.com/download/12372/
titleAskMe Pro 2.1 que_id SQL Injection Vulnerability