Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5223

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-5223
Last Modified 07 Mar 2011 10:00:19
Published 04 Oct 2007 08:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5223

Summary

Multiple unspecified vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to include local files and have other unspecified impact, related to incorrect input validation or other defects involving (1) admin/backupstart.php, (2) a .sql filename under admin/admin/dump/, (3) a .sql filename in the fl parameter to admin/downloadbackup.php, and (4) a .. (dot dot) in the fl parameter to admin/downloadbackup.php.

Vulnerable Systems

Application

  • Alstrasoft Affiliate Network Pro 8.0


References

VUPEN - ADV-2007-3344

BID - 25882

BUGTRAQ - 20070929 Affiliate Network Pro Multiple Input Validation and Local file inclusion

OSVDB - 42344

OSVDB - 42343

OSVDB - 42342

SREASON - 3191


Last Updated: 27 May 2016 10:46:06