CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-4591

Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Template Seller, and possibly AltraSoft Template Seller Pro 3.25, allow remote attackers to execute arbitrary PHP code via a URL in the config[template_path] parameter to (1) payment/payment_result.php or (2) /payment/spuser_result.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.0%

CVSS Severity

CVSS v2 Score 7.5

References

http://securityreason.com/securityalert/1509
http://www.securityfocus.com/archive/1/445156/100/0/threaded
http://www.securityfocus.com/bid/19769
http://securityreason.com/securityalert/1509
http://www.securityfocus.com/archive/1/445156/100/0/threaded
http://www.securityfocus.com/bid/19769

Products affected by CVE-2006-4591

Alstrasoft » Template Seller » Version: Any

cpe:2.3:a:alstrasoft:template_seller:*
Alstrasoft » Template Seller » Version: 3.25

cpe:2.3:a:alstrasoft:template_seller:3.25

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-4591

Products

Pricing

Contact Us