CVE-2007-2777

AlstraSoft Template Seller Pro <3.25 - RCE

Title source: llm

Description

Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/.

Exploits (1)

exploitdb WORKING POC VERIFIED

by BlackHawk · phpwebappsphp

https://www.exploit-db.com/exploits/3959

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/34398

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/24068

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3959

[Third Party Advisory, VDB Entry] http://osvdb.org/40423

Scores

EPSS 0.0262

EPSS Percentile 85.7%

Details

Status published

Products (1)

alstrasoft/template_seller < 3.25

Published May 21, 2007

Tracked Since Feb 18, 2026