CVE-2007-2777 - Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro

CVE-2007-2777

Summary

Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/.

References

http://osvdb.org/40423
http://www.securityfocus.com/bid/24068
https://exchange.xforce.ibmcloud.com/vulnerabilities/34398
https://www.exploit-db.com/exploits/3959

Vulnerable Configurations

cpe:2.3:a:alstrasoft:template_seller:*:*:pro:*:*:*:*:*
cpe:2.3:a:alstrasoft:template_seller:*:*:pro:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-10-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	24068
exploit-db	3959
osvdb	40423
xf	alstrasoft-template-addsptemp-file-upload(34398)

Last major update

11-10-2017 - 01:32

Published

21-05-2007 - 23:30

Last modified

11-10-2017 - 01:32