Lucene search
K
AlstrasoftTemplate Seller

6 matches found

CVE
CVE
added 2007/05/21 11:0 p.m.54 views

CVE-2007-2777

CVE-2007-2777: Unrestricted file upload in AlstraSoft Template Seller Pro

7.5CVSS7.7AI score0.0632EPSS
Web
CVE
CVE
added 2005/11/24 11:0 a.m.48 views

CVE-2005-3797

CVE-2005-3797 affects AlstraSoft Template Seller Pro 3.25. PHP remote file inclusion via the config[basepath] parameter allows remote code execution. The vulnerability is documented by NVD; no patch/version info is included in the provided connected documents. Exploitation details or in-the-wild ...

7.5CVSS8AI score0.03781EPSS
CVE
CVE
added 2006/01/16 9:0 p.m.48 views

CVE-2006-0222

The CVE-2006-0222 entry concerns an XSS vulnerability in AlstraSoft Template Seller Pro, affecting the fullview.php script where the tempid parameter can be exploited to inject arbitrary web script/HTML. Affected product: AlstraSoft Template Seller Pro; vulnerable component: fullview.php; entry d...

4.3CVSS5.7AI score0.01736EPSS
CVE
CVE
added 2007/05/21 11:0 p.m.46 views

CVE-2007-2776

The CVE-2007-2776 entry concerns AlstraSoft Template Seller Pro (version 3.25 and earlier). A flaw in the redirect/exit handling when administrative credentials are missing allows a remote attacker to craft a request that injects a credential variable setting and gains administrative access via a...

10CVSS6.7AI score0.08615EPSS
Web
CVE
CVE
added 2006/09/06 10:0 p.m.45 views

CVE-2006-4591

CVE-2006-4591 affects AlstraSoft Template Seller (and possibly AltraSoft Template Seller Pro 3.25). The vulnerability is a PHP remote file inclusion via a URL in config[template_path] used by payment_result.php and spuser_result.php, enabling arbitrary PHP code execution. NVD lists a CVSS2 base s...

7.5CVSS8.1AI score0.02468EPSS
Web
CVE
CVE
added 2005/11/24 11:0 a.m.42 views

CVE-2005-3798

The CVE-2005-3798 entry describes a SQL injection vulnerability in the admin/index.php script of AlstraSoft Template Seller Pro 3.25 . The underlying issue is an injectable username parameter that permits remote attackers to execute arbitrary SQL commands. This is the only concrete detail provide...

7.5CVSS8.8AI score0.01447EPSS
Web