Alstrasoft · Alstrasoft Forum Pay Per Post Exchange · CVE-2008-3954
**Name of the Vulnerable Software and Affected Versions**
AlstraSoft Forum Pay Per Post Exchange (affected versions not specified)
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cat` parameter in a "showcat" action in the index.php file.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.