PT-2008-6702 · Alstrasoft · Alstrasoft Article Manager Pro

Zorlu

Published

2008-12-17

Updated

2017-09-29

CVE-2008-5649

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions AlstraSoft Article Manager Pro version 1.6

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the username parameter in the "admin/admin.php" API endpoint.

Recommendations For AlstraSoft Article Manager Pro version 1.6, consider restricting access to the "admin/admin.php" endpoint until a patch is available, and avoid using the username parameter in this endpoint to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2008-5649

Affected Products

Alstrasoft Article Manager Pro

PT-2008-6702 · Alstrasoft · Alstrasoft Article Manager Pro

CVE-2008-5649

Weakness Enumeration

Related Identifiers

Affected Products

References · 7