CVE-2007-2775

AlstraSoft Live Support <1.21 - Open Redirect

Title source: llm

Description

AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by BlackHawk · phpwebappsphp

https://www.exploit-db.com/exploits/3957

View Code ZIP pw:eip

References (6)

[Various Sources] http://itablackhawk.altervista.org/exploit/alsoft_exploit_pack

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/34395

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/24073

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3957

[Third Party Advisory, VDB Entry] http://osvdb.org/36638

[Third Party Advisory] http://secunia.com/advisories/25337

Scores

EPSS 0.0535

EPSS Percentile 90.1%

Details

Status published

Products (1)

alstrasoft/live_support 1.21

Published May 21, 2007

Tracked Since Feb 18, 2026