VYPR

Askme Pro

by Alstrasoft

CVEs (4)

  • CVE-2008-2902Jun 30, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: The que_id parameter to forum_answer.php is already covered by CVE-2007-4085.

  • CVE-2008-2857Jun 25, 2008
    risk 0.03cvss epss 0.02

    AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.

  • CVE-2007-4085Jul 30, 2007
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to execute arbitrary SQL commands via the (1) que_id parameter to forum_answer.php or (2) the cat_id parameter to search.php.

  • CVE-2007-4083Jul 30, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to search.php or the (2) typ parameter to register.php.