PT-2007-6306 · Alstrasoft · Alstrasoft Affiliate Network Pro

Publicado

2007-10-05

Atualizado

2018-10-15

CVE-2007-5223

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: AlstraSoft Affiliate Network Pro (affected versions not specified)

Description: The issue is related to multiple unspecified vulnerabilities that allow remote attackers to include local files and have other unspecified impact. This is due to incorrect input validation or other defects involving certain files and parameters, such as admin/backupstart.php, .sql filenames under admin/admin/dump/, the fl parameter to admin/downloadbackup.php, and the use of .. (dot dot) in the fl parameter to admin/downloadbackup.php.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2007-5223

Produtos afetados

Alstrasoft Affiliate Network Pro

PT-2007-6306 · Alstrasoft · Alstrasoft Affiliate Network Pro

CVE-2007-5223

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8