4.1.1

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

webspell

exploit available

NVD

Published: 2006-09-14

Updated: 2024-11-21

Summary

src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php.

Vulnerable Configurations

Part	Description	Count
Application	Webspell Webspell Webspell * Webspell Webspell 4.1 Webspell Webspell 4.0 Webspell Webspell 4.1.1	4

Exploit-Db

description	webSPELL <= 4.01.01 Database Backup Download Vulnerability. CVE-2006-4782. Webapps exploit for php platform
file	exploits/php/webapps/2352.txt
id	EDB-ID:2352
last seen	2016-01-31
modified	2006-09-12
platform	php
port
published	2006-09-12
reporter	Trex
source	https://www.exploit-db.com/download/2352/
title	webSPELL <= 4.01.01 Database Backup Download Vulnerability
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References