Required CVE Record Information
Description
AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php.
References 6 Total
- exploit-db.com: 3957 exploit
- securityfocus.com: 24073 vdb-entry
- osvdb.org: 36638 vdb-entry
- http://itablackhawk.altervista.org/exploit/alsoft_exploit_pack
- secunia.com: 25337 third-party-advisory
- exchange.xforce.ibmcloud.com: alstrasoft-livesupport-manag-info-disclosure(34395) vdb-entry
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 6 Total
- exploit-db.com: 3957 exploitx_transferred
- securityfocus.com: 24073 vdb-entryx_transferred
- osvdb.org: 36638 vdb-entryx_transferred
- http://itablackhawk.altervista.org/exploit/alsoft_exploit_pack x_transferred
- secunia.com: 25337 third-party-advisoryx_transferred
- exchange.xforce.ibmcloud.com: alstrasoft-livesupport-manag-info-disclosure(34395) vdb-entryx_transferred