Vulnerabilities > Webspell

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR, COMPLEXITY | PRODUCT, CWE | RISK |
|---|---|---|---|---|---|---|
| 2007-03-02 | CVE-2007-1163 | SQL Injection vulnerability in Webspell 4.0/4.01.00/4.01.01 | SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783. | network, low complexity | webspell, CWE-89 | 7.5 |
| 2007-03-02 | CVE-2007-1160 | Improper Authentication vulnerability in Webspell 4.0 | webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782. | network, low complexity | webspell, CWE-287 | critical, 10.0 |
| 2007-03-02 | CVE-2007-1155 | Improper Input Validation vulnerability in Webspell | Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. | network, high complexity | webspell, CWE-20 | 4.6 |
| 2007-03-02 | CVE-2007-1154 | SQL Injection vulnerability in Webspell | SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than CVE-2006-4782. | network | webspell, CWE-89 | 6.8 |
| 2007-02-21 | CVE-2007-1019 | SQL Injection vulnerability in Webspell 4.01.02 | SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388. | network | webspell | 6.8 |
| 2007-01-25 | CVE-2007-0502 | SQL Injection vulnerability in Webspell 4.01.02 | SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492. | network, low complexity | webspell | 7.5 |
| 2007-01-25 | CVE-2007-0492 | SQL-Injection vulnerability in webSPELL | Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) galleryID parameter. | network, low complexity | webspell | 7.5 |
| 2006-10-18 | CVE-2006-5388 | SQL Injection vulnerability in WebSpell | SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands via the getsquad parameter, a different vector than CVE-2006-4783. | network, low complexity | webspell | 7.5 |
| 2006-09-14 | CVE-2006-4783 | SQL-Injection vulnerability in Webspell 4.0 | SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID parameter. | network, high complexity | webspell | 5.1 |
| 2006-09-14 | CVE-2006-4782 | Authentication Bypass vulnerability in Webspell 4.0/4.1/4.1.1 | src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php. | network, high complexity | webspell | 5.4 |