Vulnerabilities > CVE-2006-4591 - Remote File Include vulnerability in Alstrasoft Template Seller 3.25

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
alstrasoft
exploit available
NVD
Published: 2006-09-06
Updated: 2018-10-17

Summary

Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Template Seller, and possibly AltraSoft Template Seller Pro 3.25, allow remote attackers to execute arbitrary PHP code via a URL in the config[template_path] parameter to (1) payment/payment_result.php or (2) /payment/spuser_result.php.

Vulnerable Configurations

Part Description Count
Application
Alstrasoft
3

Exploit-Db

descriptionAlstraSoft Template Seller Config[Template_Path] Multiple Remote File Include Vulnerabilities. CVE-2006-4591. Webapps exploit for php platform
idEDB-ID:28444
last seen2016-02-03
modified2006-08-30
published2006-08-30
reporternight_warrior771
sourcehttps://www.exploit-db.com/download/28444/
titleAlstraSoft Template Seller - ConfigTemplate_Path Multiple Remote File Include Vulnerabilities

References