Vulnerabilities > Webspell > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-02-21 | CVE-2007-1019 | SQL Injection vulnerability in Webspell 4.01.02 SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388. network webspell | 6.8 |
| 2006-09-14 | CVE-2006-4783 | SQL-Injection vulnerability in Webspell 4.0 SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID parameter. | 5.1 |
| 2006-09-14 | CVE-2006-4782 | Authentication Bypass vulnerability in Webspell 4.0/4.1/4.1.1 src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php. | 5.4 |