CVE-2007-4084

AlstraSoft Affiliate Network Pro - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4084. PoCs published by Lostmon.

AI-analyzed exploit summary: The provided text describes SQL injection and XSS vulnerabilities in AlstraSoft Affiliate Network Pro, including a sample SQLi payload. However, it lacks executable exploit code, making it a vulnerability writeup rather than a functional PoC.

Description

Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to execute arbitrary SQL commands via (1) the pgmid parameter in an uploadProducts action to merchants/index.php and possibly (2) the rowid parameter to merchants/temp.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Lostmon · text · webapps · php
https://www.exploit-db.com/exploits/30371


Classification: Writeup 90%
Attack Type: SQLi | XSS
Complexity: Trivial
Reliability: Theoretical
Target: AlstraSoft Affiliate Network Pro
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37870
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25026
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37869

Scores

EPSS 0.0099
EPSS Percentile 58.0%

Details

Status published
Products (1)
alstrasoft/affiliate_network_pro 8.0
Published Jul 30, 2007
Tracked Since Feb 18, 2026