Vulnerabilities > CVE-2006-4782 - Authentication Bypass vulnerability in Webspell 4.0/4.1/4.1.1
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
NONE Availability impact
NONE Summary
src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php. Successful exploitation requires that "register_globals" is enabled.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Exploit-Db
description | webSPELL <= 4.01.01 Database Backup Download Vulnerability. CVE-2006-4782. Webapps exploit for php platform |
file | exploits/php/webapps/2352.txt |
id | EDB-ID:2352 |
last seen | 2016-01-31 |
modified | 2006-09-12 |
platform | php |
port | |
published | 2006-09-12 |
reporter | Trex |
source | https://www.exploit-db.com/download/2352/ |
title | webSPELL <= 4.01.01 Database Backup Download Vulnerability |
type | webapps |