Lucene search

[email protected]CVE-2007-2777

HistoryMay 21, 2007 - 11:30 p.m.

CVE-2007-2777

2007-05-2123:30:00

[email protected]

web.nvd.nist.gov

vulnerability

file upload

alstrasoft

template seller pro

cve-2007-2777

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.047 Low

EPSS

Percentile

92.7%

JSON

Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/.

Affected configurations

NVD

Node

alstrasofttemplate_sellerRange≤3.25pro

CPENameOperatorVersion
alstrasoft:template_selleralstrasoft template sellerle3.25

CPE	Name	Operator	Version
alstrasoft:template_seller	alstrasoft template seller	le	3.25

References

osvdb.org/40423

www.securityfocus.com/bid/24068

exchange.xforce.ibmcloud.com/vulnerabilities/34398

www.exploit-db.com/exploits/3959

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.047 Low

EPSS

Percentile

92.7%

JSON

Related for CVE-2007-2777

nvd1 prion1 cvelist1