cpe:/a:scripts-for-sites:ez_affiliate CVE-2008-6780 2009-05-01T13:30:00.267-04:00 2017-09-28T21:33:19.950-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-05-01T18:30:00.000-04:00 SECUNIA 32558 OSVDB 49554 EXPLOIT-DB 6911 SQL injection vulnerability in directory.php in Scripts for Sites (SFS) SFS EZ Affiliate allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.