Vulnerabilities > CVE-2007-2775 - Unspecified vulnerability in Alstrasoft Live Support 1.21

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
alstrasoft
critical
exploit available
NVD
Published: 2007-05-21
Updated: 2017-10-11

Summary

AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php.

Vulnerable Configurations

Part Description Count
Application
Alstrasoft
1

Exploit-Db

descriptionAlstraSoft Live Support v1.21 Admin Credential Retrieve Exploit. CVE-2007-2775. Webapps exploit for php platform
fileexploits/php/webapps/3957.php
idEDB-ID:3957
last seen2016-01-31
modified2007-05-20
platformphp
port
published2007-05-20
reporterBlackHawk
sourcehttps://www.exploit-db.com/download/3957/
titleAlstraSoft Live Support 1.21 - Admin Credential Retrieve Exploit
typewebapps

References