Vulnerabilities > Alstrasoft > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-12-17 | CVE-2008-5649 | SQL Injection vulnerability in Alstrasoft Article Manager PRO 1.6 SQL injection vulnerability in admin/admin.php in AlstraSoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via the username parameter. | 10.0 |
| 2007-05-22 | CVE-2007-2824 | SQL Injection vulnerability in AlstraSoft E-Friends Pack Parameter SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php. | 10.0 |
| 2007-05-21 | CVE-2007-2776 | Multiple vulnerability in AlstraSoft Template Seller Pro AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php. | 10.0 |
| 2007-05-21 | CVE-2007-2775 | Unspecified vulnerability in Alstrasoft Live Support 1.21 AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php. | 10.0 |