GCVE - cpe:2.3:a:alstrasoft:affiliate_network

Approved changes feed: RSS · Atom

cpe:2.3:a:alstrasoft:affiliate_network_pro:8.0:*:*:*:*:*:*:*

part: a version: 8.0 update: *

Vendor	Alstrasoft (`a4963e9f-6c7e-59f9-91ba-7bec89015e6d`)
Product	Affiliate Network Pro (`41e512f9-944b-586a-8068-777ceb3b92bc`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2007-5223`	vulnerable	2026-06-03 14:28:25.181778	Details available Multiple unspecified vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to include local files and have other unspecified impact, related to incorrect input validation or other defects involving (1) admin/backupstart.php, (2) a .sql filename under admin/admin/dump/, (3) a .sql filename in the fl parameter to admin/downloadbackup.php, and (4) a .. (dot dot) in the fl parameter to admin/downloadbackup.php. Published: 2007-10-05T00:00:00.000Z Updated: 2024-08-07T15:24:42.336Z Open on db.gcve.eu Reference links http://osvdb.org/42342 http://www.securityfocus.com/archive/1/481206/100/0/threaded http://osvdb.org/42344 http://osvdb.org/42343 http://www.securityfocus.com/bid/25882	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-4084`	vulnerable	2026-06-03 14:28:17.769308	Details available Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to execute arbitrary SQL commands via (1) the pgmid parameter in an uploadProducts action to merchants/index.php and possibly (2) the rowid parameter to merchants/temp.php. Published: 2007-07-30T17:00:00.000Z Updated: 2024-08-07T14:46:37.305Z Open on db.gcve.eu Reference links http://osvdb.org/37870 http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html http://www.securityfocus.com/bid/25026 http://osvdb.org/37869	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-4081`	vulnerable	2026-06-03 14:28:17.765581	Details available Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to inject arbitrary web script or HTML via vectors in (a) merchants/index.php, including the (1) id or (2) msg parameter in a programedit action; the (3) pgmid parameter in an uploadProducts action; the (4) d, (5) m, or (6) y parameter in a daily action; the (7) err parameter in a ProgramReport action; the (8) i, (9) txtto, (10) txtfrom, or (11) programs parameter in a LinkReport action; or the (12) msg parameter in an add_money action; and one vector in (b) merchants/temp.php using (13) the rowid parameter. NOTE: vector 7 might overlap CVE-2005-3795.1. Published: 2007-07-30T17:00:00.000Z Updated: 2024-08-07T14:46:37.317Z Open on db.gcve.eu Reference links http://osvdb.org/46954 http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html http://osvdb.org/46953 http://www.securityfocus.com/bid/25026	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Affiliate Network Pro

PURL mappings

Vulnerability references

Contribute