CyberSec.Space Logo
返回 CVE 浏览器

CVE-2007-2775

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0510%
EPSS Percentile16.52th
Published2007年5月21日
Last Modified2026年4月23日

Vulnerability Description

AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php.

Affected Platforms (CPE)

📦
Alstrasoft

Live Support

= 1.21

References & Advisories

🔗 http://itablackhawk.altervista.org/exploit/alsoft_exploit_pack
🔗 http://osvdb.org/36638
🔗 http://secunia.com/advisories/25337
🔗 http://www.securityfocus.com/bid/24073
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/34395
🔗 https://www.exploit-db.com/exploits/3957
🔗 http://itablackhawk.altervista.org/exploit/alsoft_exploit_pack
🔗 http://osvdb.org/36638

相关漏洞威胁

CVE-2019-111859.8

The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results fro...

CVE-2019-124989.8

The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permissio...

CVE-2018-124269.8

The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to clie...

CVE-2018-173898.8

CSRF exists in server.php in Live Call Support Application 1.5 for adding an admin account.