GCVE - cpe:2.3:a:alstrasoft:template_seller:*:*:pro:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:alstrasoft:template_seller:*:*:pro:*:*:*:*:*

part: a version: * update: *

Vendor	Alstrasoft (`a4963e9f-6c7e-59f9-91ba-7bec89015e6d`)
Product	Template Seller (`11214aae-9737-5ca2-a527-ef03bca336b3`)
Edition	pro
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2007-2777`	vulnerable	2026-06-03 14:28:09.351162	Details available Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/. Published: 2007-05-21T23:00:00.000Z Updated: 2024-08-07T13:49:57.252Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/24068 https://exchange.xforce.ibmcloud.com/vulnerabilities/34398 http://osvdb.org/40423 https://www.exploit-db.com/exploits/3959	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-2776`	vulnerable	2026-06-03 14:28:09.350776	Details available AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php. Published: 2007-05-21T23:00:00.000Z Updated: 2024-08-07T13:49:57.393Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/24068 http://osvdb.org/40422 https://exchange.xforce.ibmcloud.com/vulnerabilities/34396 https://www.exploit-db.com/exploits/3958 http://itablackhawk.altervista.org/exploit/alsoft_exploit_pack	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-4591`	vulnerable	2026-06-03 14:27:43.337382	Details available Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Template Seller, and possibly AltraSoft Template Seller Pro 3.25, allow remote attackers to execute arbitrary PHP code via a URL in the config[template_path] parameter to (1) payment/payment_result.php or (2) /payment/spuser_result.php. Published: 2006-09-06T22:00:00.000Z Updated: 2024-08-07T19:14:47.574Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/19769 http://www.securityfocus.com/archive/1/445156/100/0/threaded http://securityreason.com/securityalert/1509	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-0222`	vulnerable	2026-06-03 14:27:20.224567	Details available Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft Template Seller Pro allows remote attackers to inject arbitrary web script or HTML via the tempid parameter. Published: 2006-01-16T21:00:00.000Z Updated: 2024-08-07T16:25:33.902Z Open on db.gcve.eu Reference links http://www.osvdb.org/22746 http://www.securityfocus.com/bid/16233 https://exchange.xforce.ibmcloud.com/vulnerabilities/24235 http://www.securityfocus.com/archive/1/421916/100/0/threaded	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.