AlstraSoft Template Seller Pro Multiple Vulnerabilities

Bugtraq ID:	24068
Class:	Input Validation Error
CVE:	CVE-2007-2777 CVE-2007-2776
Remote:	Yes
Local:	No
Published:	May 21 2007 12:00AM
Updated:	Jul 05 2016 10:20PM
Credit:	BlackHawk is credited with discovering these vulnerabilities.
Vulnerable:	AlstraSoft Template Seller Pro 3.25
Not Vulnerable:

AlstraSoft Template Seller Pro Multiple Vulnerabilities

AlstraSoft Template Seller Pro is prone to multiple vulnerabilities.

An attacker may leverage these issues to execute arbitrary PHP code on an affected computer with the privileges of the webserver process or may craft a malicious HTTP request to bypass the authentication mechanism and overwrite certain files with arbitrary PHP script code.

AlstraSoft Template Seller Pro 3.25 and prior versions are vulnerable to these issues.

AlstraSoft Template Seller Pro Multiple Vulnerabilities

Attackers can use a browser to exploit these issues.

The following exploits are available:

• /data/vulnerabilities/exploits/AlstraSoft_Seller_Pro_rexp.php
• /data/vulnerabilities/exploits/AlstraSoft_Seller_Pro_Auth_Bypass_exp.php

AlstraSoft Template Seller Pro Multiple Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

AlstraSoft Template Seller Pro Multiple Vulnerabilities

References:

• AlstraSoft Template Seller Pro (AlstraSoft)