ID CVE-2005-3793
Summary Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to bypass authentication and execute arbitrary SQL commands via the (1) username or (2) password to admin/admin_validate_login, or the (3) login, (4) password, and (5) flag parameters to login_validate.php.
References
Vulnerable Configurations
  • cpe:2.3:a:alstrasoft:affiliate_network_pro:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:alstrasoft:affiliate_network_pro:7.2:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-07-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bugtraq 20051115 Affiliate Network Pro v7.2 SQL Injections, Arbitrary code execution, XSS
misc http://myblog.it-security23.net/?postid=5
osvdb
  • 20889
  • 20893
secunia 17605
vupen ADV-2005-2455
xf affiliate-network-login-sql-injection(23073)
Last major update 11-07-2017 - 01:33
Published 24-11-2005 - 11:03
Back to Top