|
Description
|
|
Two vulnerabilities were identified in AlstraSoft Template Seller Pro, which could be exploited by attackers to execute arbitrary commands or conduct SQL injection attacks.
The first issue is due to an input validation error in administration interface that does not properly filter a specially crafted "username" parameter, which may be exploited by remote users to conduct SQL injection attacks.
The second flaw is due to an input validation error in the "include/paymentplugins/payment_paypal.php" script when processing a specially crafted "config[basepath]" variable, which could be exploited by attackers to include malicious files and execute arbitrary commands.
|
