Vulnerabilities > CVE-2006-4782 - Authentication Bypass vulnerability in Webspell 4.0/4.1/4.1.1

047910
CVSS 5.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
NONE
Availability impact
NONE
network
high complexity
webspell
exploit available

Summary

src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php. Successful exploitation requires that "register_globals" is enabled.

Vulnerable Configurations

Part Description Count
Application
Webspell
4

Exploit-Db

descriptionwebSPELL <= 4.01.01 Database Backup Download Vulnerability. CVE-2006-4782. Webapps exploit for php platform
fileexploits/php/webapps/2352.txt
idEDB-ID:2352
last seen2016-01-31
modified2006-09-12
platformphp
port
published2006-09-12
reporterTrex
sourcehttps://www.exploit-db.com/download/2352/
titlewebSPELL <= 4.01.01 Database Backup Download Vulnerability
typewebapps