CVE-2007-2824

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
22/05/2007
Last modified:
09/04/2025

Description

SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:alstrasoft:e-friends:*:*:*:*:*:*:*:* 4.21 (including)