Affiliate Market
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-1177 | 0.03 | — | 0.01 | Mar 6, 2008 | SQL injection vulnerability in shop/detail.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-1176 | 0.03 | — | 0.01 | Mar 6, 2008 | Cross-site scripting (XSS) vulnerability in function/sideblock.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to inject arbitrary web script or HTML via the sideblock4 parameter. | |||
| CVE-2008-0794 | 0.03 | — | 0.02 | Feb 15, 2008 | Directory traversal vulnerability in user/header.php in Affiliate Market 0.1 BETA allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | |||
| CVE-2023-53917 | 0.00 | — | 0.00 | Dec 17, 2025 | Affiliate Me version 5.0.1 contains a SQL injection vulnerability in the admin.php endpoint that allows authenticated administrators to manipulate database queries. Attackers can exploit the 'id' parameter with crafted union-based queries to extract sensitive user information… |
- CVE-2008-1177Mar 6, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in shop/detail.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-1176Mar 6, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in function/sideblock.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to inject arbitrary web script or HTML via the sideblock4 parameter.
- CVE-2008-0794Feb 15, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in user/header.php in Affiliate Market 0.1 BETA allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
- CVE-2023-53917Dec 17, 2025risk 0.00cvss —epss 0.00
Affiliate Me version 5.0.1 contains a SQL injection vulnerability in the admin.php endpoint that allows authenticated administrators to manipulate database queries. Attackers can exploit the 'id' parameter with crafted union-based queries to extract sensitive user information…