CyberSec.Space Logo
Back to CVE Browser

CVE-2007-2775

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0510%
EPSS Percentile16.52th
PublishedMay 21, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php.

Affected Platforms (CPE)

πŸ“¦
Alstrasoft

Live Support

= 1.21

References & Advisories

πŸ”— http://itablackhawk.altervista.org/exploit/alsoft_exploit_pack
πŸ”— http://osvdb.org/36638
πŸ”— http://secunia.com/advisories/25337
πŸ”— http://www.securityfocus.com/bid/24073
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/34395
πŸ”— https://www.exploit-db.com/exploits/3957
πŸ”— http://itablackhawk.altervista.org/exploit/alsoft_exploit_pack
πŸ”— http://osvdb.org/36638

Related Vulnerabilities

CVE-2019-111859.8

The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results fro...

CVE-2019-124989.8

The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permissio...

CVE-2018-124269.8

The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to clie...

CVE-2018-173898.8

CSRF exists in server.php in Live Call Support Application 1.5 for adding an admin account.