Unrated severityNVD Advisory· Published May 21, 2007· Updated Apr 23, 2026

CVE-2007-2777

Description

Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/.

Affected products

Alstrasoft/Template Seller
cpe:2.3:a:alstrasoft:template_seller:*:*:pro:*:*:*:*:*
Range: <=3.25

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

osvdb.org/40423nvd
www.securityfocus.com/bid/24068nvd
exchange.xforce.ibmcloud.com/vulnerabilities/34398nvd
www.exploit-db.com/exploits/3959nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000