Published: 11/09/2008 Updated: 11/10/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Subscribe to Forum Pay Per Post Exchange

SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange allows remote malicious users to execute arbitrary SQL commands via the cat parameter in a showcat action.

Vulnerable Product	Search on Vulmon	Subscribe to Product
alstrasoft forum pay per post exchange

################################################################ # ___ __ _______ ___ # # __| _/____ _______| | __ ____ \ _ \ __| _/____ # # / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ # # / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ # # \____ |(_____ ...

CWE-89 http://www.securityfocus.com/bid/31048 http://www.securitytracker.com/id?1020829 http://securityreason.com/securityalert/4233 http://www.vupen.com/english/advisories/2008/2508 https://exchange.xforce.ibmcloud.com/vulnerabilities/44932 https://www.exploit-db.com/exploits/6396 https://nvd.nist.gov https://www.exploit-db.com/exploits/6396/

CVE-2008-3954

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect