PT-2008-2061 · Alstrasoft · Alstrasoft Forum Pay Per Post Exchange

R45C4L

Published

2008-01-23

Updated

2017-09-29

CVE-2008-0429

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions AlstraSoft Forum Pay Per Post Exchange version 2.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the catid parameter in a "forum catview" action.

Recommendations For version 2.0, consider restricting access to the catid parameter in the "forum catview" action to minimize the risk of exploitation. Avoid using the catid parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2008-0429

Affected Products

Alstrasoft Forum Pay Per Post Exchange

PT-2008-2061 · Alstrasoft · Alstrasoft Forum Pay Per Post Exchange

CVE-2008-0429

Weakness Enumeration

Related Identifiers

Affected Products

References · 7