PT-2005-4547 · Alstrasoft · Alstrasoft Affiliate Network Pro

Robin Verton

Published

2005-11-24

Updated

2017-07-11

CVE-2005-3796

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions AlstraSoft Affiliate Network Pro version 7.2

Description A direct static code injection issue exists in the admin options manage.php file, allowing attackers to execute arbitrary PHP code via the number parameter. It is unclear whether administrator privileges are required to exploit this issue.

Recommendations For AlstraSoft Affiliate Network Pro version 7.2, consider restricting access to the admin options manage.php file and the number parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-3796

Affected Products

Alstrasoft Affiliate Network Pro

PT-2005-4547 · Alstrasoft · Alstrasoft Affiliate Network Pro

CVE-2005-3796

Related Identifiers

Affected Products

References · 8