Vulnerabilities > Webspell > Webspell > 4.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-06-04 | CVE-2009-1912 | Path Traversal vulnerability in Webspell Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. | 6.8 |
2007-03-02 | CVE-2007-1163 | SQL Injection vulnerability in Webspell 4.0/4.01.00/4.01.01 SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783. | 7.5 |
2007-03-02 | CVE-2007-1160 | Improper Authentication vulnerability in Webspell 4.0 webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782. | 10.0 |
2006-10-18 | CVE-2006-5388 | SQL Injection vulnerability in WebSpell SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands via the getsquad parameter, a different vector than CVE-2006-4783. | 7.5 |
2006-09-14 | CVE-2006-4783 | SQL-Injection vulnerability in Webspell 4.0 SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID parameter. | 5.1 |
2006-09-14 | CVE-2006-4782 | Authentication Bypass vulnerability in Webspell 4.0/4.1/4.1.1 src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php. | 5.4 |