Vulnerabilities > Webspell > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-10-05 | CVE-2010-4861 | SQL Injection vulnerability in Webspell 4.2.1 SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows remote attackers to execute arbitrary SQL commands via the search parameter. | 7.5 |
| 2007-07-26 | CVE-2007-4028 | Local File Include vulnerability in Webspell 4.01.02 Absolute path traversal vulnerability in index.php in Webspell 4.01.02 allows remote attackers to include and execute arbitrary local files via a full pathname in the site parameter. | 7.5 |
| 2007-03-02 | CVE-2007-1163 | SQL Injection vulnerability in Webspell 4.0/4.01.00/4.01.01 SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783. | 7.5 |
| 2007-01-25 | CVE-2007-0502 | SQL Injection vulnerability in Webspell 4.01.02 SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492. | 7.5 |
| 2007-01-25 | CVE-2007-0492 | SQL-Injection vulnerability in webSPELL Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) galleryID parameter. | 7.5 |
| 2006-10-18 | CVE-2006-5388 | SQL Injection vulnerability in WebSpell SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands via the getsquad parameter, a different vector than CVE-2006-4783. | 7.5 |
| 2006-02-16 | CVE-2006-0728 | SQL Injection vulnerability in WebSPELL Search.PHP SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the title_op parameter. | 7.5 |