CVE-2007-2776
Summary
AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php.
- LOW
- NETWORK
- NONE
- COMPLETE
- COMPLETE
- COMPLETE
References
Advisory Timeline
- Published