Description
SQL injection vulnerability in logon.jsp in Ad Server Solutions Affiliate Software Java 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, possibly related to the uname and pass parameters to logon_process.jsp. NOTE: some of these details are obtained from third party information.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by 3d D3v!L · textwebappsjsp
https://www.exploit-db.com/exploits/32655
exploitdb
WORKING POC
VERIFIED
by R3d-D3V!L · textwebappsasp
https://www.exploit-db.com/exploits/7423
References (5)
Core 5
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/7423
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/33072
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47280
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/32791
Exploit x_refsource_misc
http://packetstorm.linuxsecurity.com/0812-exploits/affiliatesj-sql.txt
Scores
EPSS
0.0053
EPSS Percentile
67.5%
Details
CWE
CWE-89
Status
published
Products (1)
adserversolutions/affiliate_software_java
4.0
Published
Mar 02, 2009
Tracked Since
Feb 18, 2026