Vulnerability Description
SQL injection vulnerability in logon.jsp in Ad Server Solutions Affiliate Software Java 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, possibly related to the uname and pass parameters to logon_process.jsp. NOTE: some of these details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adserversolutions | Affiliate Software Java | 4.0 |
Related Weaknesses (CWE)
References
- http://packetstorm.linuxsecurity.com/0812-exploits/affiliatesj-sql.txtExploit
- http://secunia.com/advisories/33072Vendor Advisory
- http://www.securityfocus.com/bid/32791Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47280
- https://www.exploit-db.com/exploits/7423
- http://packetstorm.linuxsecurity.com/0812-exploits/affiliatesj-sql.txtExploit
- http://secunia.com/advisories/33072Vendor Advisory
- http://www.securityfocus.com/bid/32791Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47280
- https://www.exploit-db.com/exploits/7423
FAQ
What is CVE-2008-6366?
CVE-2008-6366 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in logon.jsp in Ad Server Solutions Affiliate Software Java 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, possibly re...
How severe is CVE-2008-6366?
CVE-2008-6366 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-6366?
Check the references section above for vendor advisories and patch information. Affected products include: Adserversolutions Affiliate Software Java.