CVE-2007-5223

high

Description

Multiple unspecified vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to include local files and have other unspecified impact, related to incorrect input validation or other defects involving (1) admin/backupstart.php, (2) a .sql filename under admin/admin/dump/, (3) a .sql filename in the fl parameter to admin/downloadbackup.php, and (4) a .. (dot dot) in the fl parameter to admin/downloadbackup.php.

References

http://www.vupen.com/english/advisories/2007/3344

http://www.securityfocus.com/bid/25882

http://www.securityfocus.com/archive/1/481206/100/0/threaded

http://securityreason.com/securityalert/3191

http://osvdb.org/42344

http://osvdb.org/42343

http://osvdb.org/42342

Details

Source: Mitre, NVD

Published: 2007-10-05

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00973