CVE-2007-2776

AlstraSoft Template Seller Pro <3.25 - Auth Bypass

Description

AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by BlackHawk · php · webapps · php
https://www.exploit-db.com/exploits/3958

Scores

EPSS 0.0153
EPSS Percentile 81.4%

Details

Status published
Products (1)
alstrasoft/template_seller < 3.25
Published May 21, 2007
Tracked Since Feb 18, 2026