Alstrasoft: >> Template Seller >> 3.25 Security Vulnerabilities
Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Template Seller, and possibly AltraSoft Template Seller Pro 3.25, allow remote attackers to execute arbitrary PHP code via a URL in the config[template_path] parameter to (1) payment/payment_result.php or (2) /payment/spuser_result.php.
CVSS Score
7.5
EPSS Score
0.006
Published
2006-09-06
PHP remote file inclusion vulnerability in payment_paypal.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary PHP code via the config[basepath] parameter.
CVSS Score
7.5
EPSS Score
0.037
Published
2005-11-24
SQL injection vulnerability in admin/index.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary SQL commands via the username field.
CVSS Score
7.5
EPSS Score
0.01
Published
2005-11-24