PT-2007-5287 · Alstrasoft · Alstrasoft Affiliate Network Pro

Published: 2007-07-30 · Updated: 2008-11-15 · CVE-2007-4084

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

AlstraSoft Affiliate Network Pro (affected versions not specified)

Description

SQL injection vulnerabilities allow remote attackers to execute arbitrary SQL commands via the pgmid parameter in an uploadProducts action to "merchants/index.php" and possibly via the rowid parameter to "merchants/temp.php".

Recommendations

For AlstraSoft Affiliate Network Pro, consider restricting access to the merchants/index.php and merchants/temp.php scripts until a fix is available. As a temporary workaround, avoid using the pgmid and rowid parameters in the affected API endpoints until the issue is resolved.


Related Identifiers

CVE-2007-4084

Affected Products

Alstrasoft Affiliate Network Pro