CVE-2007-2775

Name of the Vulnerable Software and Affected Versions AlstraSoft Live Support version 1.21

Description The issue allows remote attackers to obtain administrative access. This is possible because when administrative credentials are missing, the software sends a redirect to the web browser but does not exit. Attackers can exploit this by making a direct request to the "admin/managesettings.php" endpoint.

Recommendations For AlstraSoft Live Support version 1.21, consider restricting access to the "admin/managesettings.php" endpoint until a fix is available. As a temporary workaround, ensure that administrative credentials are always provided to prevent unauthorized access.