CVE-2007-2777

Name of the Vulnerable Software and Affected Versions AlstraSoft Template Seller Pro versions 3.25 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via an unrestricted file upload vulnerability. This is achieved by uploading an arbitrary .php filename in the zip parameter, which is then created under the sptemplates/ directory.

Recommendations For versions 3.25 and earlier, consider disabling the file upload functionality in admin/addsptemplate.php until a patch is available. Restrict access to the sptemplates/ directory to minimize the risk of exploitation. Avoid using the zip parameter in the affected API endpoint until the issue is resolved.