Vulnerability Description
Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to execute arbitrary SQL commands via (1) the pgmid parameter in an uploadProducts action to merchants/index.php and possibly (2) the rowid parameter to merchants/temp.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alstrasoft | Affiliate Network Pro | 8.0 |
References
- http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.htmlExploit
- http://osvdb.org/37869
- http://osvdb.org/37870
- http://www.securityfocus.com/bid/25026Exploit
- http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.htmlExploit
- http://osvdb.org/37869
- http://osvdb.org/37870
- http://www.securityfocus.com/bid/25026Exploit
FAQ
What is CVE-2007-4084?
CVE-2007-4084 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to execute arbitrary SQL commands via (1) the pgmid parameter in an uploadProducts action to merchants...
How severe is CVE-2007-4084?
CVE-2007-4084 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4084?
Check the references section above for vendor advisories and patch information. Affected products include: Alstrasoft Affiliate Network Pro.