Vulnerability Details CVE-2007-2775
AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.033
EPSS Ranking 86.7%
CVSS Severity
CVSS v2 Score 10.0
References
- http://itablackhawk.altervista.org/exploit/alsoft_exploit_pack
- http://osvdb.org/36638
- http://secunia.com/advisories/25337
- http://www.securityfocus.com/bid/24073
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34395
- https://www.exploit-db.com/exploits/3957
- http://itablackhawk.altervista.org/exploit/alsoft_exploit_pack
- http://osvdb.org/36638
- http://secunia.com/advisories/25337
- http://www.securityfocus.com/bid/24073
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34395
- https://www.exploit-db.com/exploits/3957
Products affected by CVE-2007-2775
-
cpe:2.3:a:alstrasoft:live_support:1.21