CVE-2005-3793

Sažetak

Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to bypass authentication and execute arbitrary SQL commands via the (1) username or (2) password to admin/admin_validate_login, or the (3) login, (4) password, and (5) flag parameters to login_validate.php.

Reference

http://marc.info/?l=bugtraq&m=113209435819541&w=2
http://myblog.it-security23.net/?postid=5
http://secunia.com/advisories/17605/
http://www.osvdb.org/20889
http://www.osvdb.org/20893
http://www.vupen.com/english/advisories/2005/2455
https://exchange.xforce.ibmcloud.com/vulnerabilities/23073

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-07-2017 - 01:33

Objavljeno

24-11-2005 - 11:03