PT-2005-4544 · Alstrasoft · Alstrasoft Affiliate Network Pro

Robin Verton · Published 2005-11-24 · Updated 2017-07-11 · CVE-2005-3793

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

AlstraSoft Affiliate Network Pro version 7.2

Description

The issue allows remote attackers to bypass authentication and execute arbitrary SQL commands. This can be achieved via the username or password to admin/admin_validate_login, or the login, password, and flag parameters to "login_validate.php".

Recommendations

For AlstraSoft Affiliate Network Pro version 7.2, consider disabling the login functionality until a patch is available to prevent exploitation. Restrict access to the "login_validate.php" endpoint to minimize the risk of SQL injection attacks. Avoid using the username, password, and flag parameters in the affected endpoint until the issue is resolved.


Related identifiers

CVE-2005-3793

Affected products

Alstrasoft Affiliate Network Pro