Vulnerabilities > CVE-2007-2776 - Unspecified vulnerability in Alstrasoft Template Seller
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN alstrasoft
exploit available
Summary
AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | AlstraSoft Template Seller Pro <= 3.25 Admin Password Change Exploit. CVE-2007-2776. Webapps exploit for php platform |
| file | exploits/php/webapps/3958.php |
| id | EDB-ID:3958 |
| last seen | 2016-01-31 |
| modified | 2007-05-20 |
| platform | php |
| port | |
| published | 2007-05-20 |
| reporter | BlackHawk |
| source | https://www.exploit-db.com/download/3958/ |
| title | AlstraSoft Template Seller Pro <= 3.25 Admin Password Change Exploit |
| type | webapps |
References
- http://itablackhawk.altervista.org/exploit/alsoft_exploit_pack
- http://itablackhawk.altervista.org/exploit/alsoft_exploit_pack
- http://osvdb.org/40422
- http://osvdb.org/40422
- http://www.securityfocus.com/bid/24068
- http://www.securityfocus.com/bid/24068
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34396
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34396
- https://www.exploit-db.com/exploits/3958
- https://www.exploit-db.com/exploits/3958