CVE-2008-6366

SQL injection vulnerability in logon.jsp in Ad Server Solutions Affiliate Software Java 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, possibly related to the uname and pass parameters to logon_process.jsp.  NOTE: some of these details are obtained from third party information.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
VendorProductVersion
adserversolutionsaffiliate_software_java
4.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstorm.linuxsecurity.com/0812-exploits/affiliatesj-sql.txt
http://secunia.com/advisories/33072
http://www.securityfocus.com/bid/32791
https://exchange.xforce.ibmcloud.com/vulnerabilities/47280
https://www.exploit-db.com/exploits/7423
http://packetstorm.linuxsecurity.com/0812-exploits/affiliatesj-sql.txt
http://secunia.com/advisories/33072
http://www.securityfocus.com/bid/32791
https://exchange.xforce.ibmcloud.com/vulnerabilities/47280
https://www.exploit-db.com/exploits/7423