CVE-2008-6366

Name of the Vulnerable Software and Affected Versions: Ad Server Solutions Affiliate Software Java version 4.0

Description: The issue allows remote attackers to execute arbitrary SQL commands, possibly related to the uname and pass parameters to "logon process.jsp". This is achieved via the username and password in "logon.jsp".

Recommendations: For Ad Server Solutions Affiliate Software Java version 4.0, consider restricting access to the "logon.jsp" and "logon process.jsp" pages until a fix is available, and avoid using the uname and pass parameters in the "logon process.jsp" endpoint to minimize the risk of exploitation.