CVE-2005-3793

Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to bypass authentication and execute arbitrary SQL commands via the (1) username or (2) password to admin/admin_validate_login, or the (3) login, (4) password, and (5) flag parameters to login_validate.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=113209435819541&w=2
http://myblog.it-security23.net/?postid=5
http://secunia.com/advisories/17605/	Vendor Advisory
http://www.osvdb.org/20889
http://www.osvdb.org/20893
http://www.vupen.com/english/advisories/2005/2455
https://exchange.xforce.ibmcloud.com/vulnerabilities/23073

Configurations

Configuration 1 (hide)

cpe:2.3:a:alstrasoft:affiliate_network_pro:7.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2005-11-24 11:03

Updated : 2017-07-11 01:33

NVD link : CVE-2005-3793

Mitre link : CVE-2005-3793

CVE.ORG link : CVE-2005-3793

JSON object : View

Products Affected

alstrasoft

affiliate_network_pro

CWE

NVD-CWE-Other

{"id": "CVE-2005-3793", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2005-11-24T11:03:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=113209435819541&w=2", "source": "cve@mitre.org"}, {"url": "http://myblog.it-security23.net/?postid=5", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/17605/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/20889", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/20893", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2005/2455", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23073", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to bypass authentication and execute arbitrary SQL commands via the (1) username or (2) password to admin/admin_validate_login, or the (3) login, (4) password, and (5) flag parameters to login_validate.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n de SQL en AlstraSoft Affiliate Network Pro 7.2 permiten a atacantes remotos sortear la autenticaci\u00f3n y ejecutar comandos SQL de su elecci\u00f3n mediante los par\u00e1metros (1) username o (2) password de admin/admin_validate_login, o los par\u00e1metros (3) login, (4) password, y (5) de login_validate.php."}], "lastModified": "2017-07-11T01:33:18.407", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:alstrasoft:affiliate_network_pro:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "265CB451-3957-4F23-8C6E-78B553513B6C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}