CVE-2007-2776 - Multiple vulnerabilities in AlstraSoft Template Seller Pro

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, low complexity, alstrasoft, critical, exploit available

Summary

AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php.
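The flaw class in the summary (a redirect is sent, but the script keeps executing) can be checked for in source review. The following is an added example, not code from the product or from this record: a line-based heuristic that flags PHP `Location` redirects with no `exit`, `die` or `return` as the next statement. The PHP samples, including the `update_admin_password` helper, are constructed for illustration.

```python
import re

# Line-based heuristic, not a PHP parser: expect false positives on unusual layouts.
REDIRECT = re.compile(r"""\bheader\s*\(\s*['"]\s*Location\s*:""", re.I)
TERMINATOR = re.compile(r"""^(exit|die|return)\b""", re.I)
COMMENT = re.compile(r"""^(//|#|/\*|\*)""")

# Constructed sample: redirect without exit, so the privileged call still runs.
VULNERABLE = """<?php
session_start();
if (empty($_SESSION['admin'])) {
    header('Location: login.php');
}
update_admin_password($_POST['password']);  // hypothetical helper
"""

# Constructed sample: same check, execution stops after the redirect.
HARDENED = """<?php
session_start();
if (empty($_SESSION['admin'])) {
    header('Location: login.php');
    exit;
}
update_admin_password($_POST['password']);
"""


def next_statement(lines, idx, tail):
    """First code after the redirect: rest of its line, else the next code line."""
    for text in [tail] + lines[idx + 1:]:
        text = text.strip()
        if text and not COMMENT.match(text):
            return text
    return ""


def find_unterminated_redirects(php_source):
    """Return 1-based line numbers of redirects not followed by exit/die/return."""
    lines = php_source.splitlines()
    findings = []
    for idx, line in enumerate(lines):
        match = REDIRECT.search(line)
        if not match:
            continue
        # Whatever follows the ';' that ends the header(...) statement.
        _, _, tail = line[match.end():].partition(";")
        if not TERMINATOR.match(next_statement(lines, idx, tail)):
            findings.append(idx + 1)
    return findings
```

A finding is a prompt for manual review: the redirect is only dangerous when code that should be restricted runs after it.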

Vulnerable Configurations

Part: Application
Description: Alstrasoft
Count: 1

Exploit-Db

description: AlstraSoft Template Seller Pro <= 3.25 Admin Password Change Exploit. CVE-2007-2776. Webapps exploit for php platform
file: exploits/php/webapps/3958.php
id: EDB-ID:3958
last seen: 2016-01-31
modified: 2007-05-20
platform: php
port:
published: 2007-05-20
reporter: BlackHawk
source: https://www.exploit-db.com/download/3958/
title: AlstraSoft Template Seller Pro <= 3.25 Admin Password Change Exploit
type: webapps