CVE-2007-4085

AlstraSoft AskMe Pro - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4085. PoCs published by v3n0m.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in AlstraSoft AskMe Pro 2.1 via the 'que_id' parameter. The PoC provides a crafted SQL query to extract usernames and passwords from the 'expert' table.

Description

Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to execute arbitrary SQL commands via the (1) que_id parameter to forum_answer.php or (2) the cat_id parameter to search.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by v3n0m · textwebappsphp

https://www.exploit-db.com/exploits/12372

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in AlstraSoft AskMe Pro 2.1 via the 'que_id' parameter. The PoC provides a crafted SQL query to extract usernames and passwords from the 'expert' table.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: AlstraSoft AskMe Pro 2.1

No auth needed

Prerequisites: Access to the vulnerable endpoint with the 'que_id' parameter

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/37096

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/46166

Exploit x_refsource_misc

http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/37095

Scores

EPSS 0.0093

EPSS Percentile 56.0%

Details

Status published

Products (1)

alstrasoft/askme_pro

Published Jul 30, 2007

Tracked Since Feb 18, 2026