PT-2007-5287 · Alstrasoft · Alstrasoft Affiliate Network Pro

Published: 2007-07-30 · Updated: 2008-11-15 · CVE-2007-4084

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: AlstraSoft Affiliate Network Pro (affected versions not specified)

Description: The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This can be achieved via the pgmid parameter in an uploadProducts action to "merchants/index.php" and possibly the rowid parameter to "merchants/temp.php".

Recommendations: For AlstraSoft Affiliate Network Pro, consider restricting access to the merchants/index.php and merchants/temp.php scripts until a fix is available. As a temporary workaround, avoid using the pgmid and rowid parameters in the affected API endpoints until the issue is resolved.


Related identifiers

CVE-2007-4084

Affected products

Alstrasoft Affiliate Network Pro