Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3793

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-3793
Last Modified 07 Mar 2011 09:27:11
Published 24 Nov 2005 06:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3793

Summary

Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to bypass authentication and execute arbitrary SQL commands via the (1) username or (2) password to admin/admin_validate_login, or the (3) login, (4) password, and (5) flag parameters to login_validate.php.

Vulnerable Systems

Application

  • Alstrasoft Affiliate Network Pro 7.2


References

XF - affiliate-network-login-sql-injection(23073)

VUPEN - ADV-2005-2455

SECUNIA - 17605

MISC - http://myblog.it-security23.net/?postid=5

BUGTRAQ - 20051115 Affiliate Network Pro v7.2 SQL Injections, Arbitrary code execution, XSS

OSVDB - 20893

OSVDB - 20889


Last Updated: 27 May 2016 10:41:02