Alstrasoft : Security Vulnerabilities, CVEs, CVSS score >= 9
SQL injection vulnerability in admin/admin.php in AlstraSoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via the username parameter.
Max CVSS
10.0
EPSS Score
0.12%
Published
2008-12-17
Updated
2017-09-29
SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php.
Max CVSS
10.0
EPSS Score
0.41%
Published
2007-05-22
Updated
2017-10-11
AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php.
Max CVSS
10.0
EPSS Score
5.43%
Published
2007-05-21
Updated
2017-10-11
AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php.
Max CVSS
10.0
EPSS Score
10.85%
Published
2007-05-21
Updated
2017-10-11
4 vulnerabilities found