CVE-2007-2776

Name of the Vulnerable Software and Affected Versions AlstraSoft Template Seller Pro versions 3.25 and earlier

Description The issue allows remote attackers to inject a credential variable setting and obtain administrative access. This is possible because when administrative credentials are missing, the software sends a redirect to the web browser but does not exit. Attackers can exploit this via a direct request to "admin/changeinfo.php".

Recommendations For versions 3.25 and earlier, consider disabling access to the "admin/changeinfo.php" endpoint until a fix is available. Restrict administrative access to minimize the risk of exploitation.