Vulnerabilities > Alstrasoft > Forum PAY PER Post Exchange

DATE CVE VULNERABILITY TITLE RISK
2008-09-11 CVE-2008-3954 SQL Injection vulnerability in Alstrasoft Forum PAY PER Post Exchange
SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showcat action.
network
low complexity
alstrasoft CWE-89
7.5
7.5
2008-01-23 CVE-2008-0440 Credentials Management vulnerability in Alstrasoft Forum PAY PER Post Exchange 2.0
AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts.
network
low complexity
alstrasoft CWE-255
5.0
5.0
2008-01-23 CVE-2008-0429 SQL Injection vulnerability in Alstrasoft Forum PAY PER Post Exchange 2.0
SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action.
network
low complexity
alstrasoft CWE-89
7.5
7.5