Vulnerabilities > Webspell > Webspell > 4.01.02
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-06-04 | CVE-2009-1912 | Path Traversal vulnerability in Webspell: Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. | 6.8 |
2008-02-05 | CVE-2008-0575 | Cross-Site Request Forgery (CSRF) vulnerability in Webspell 4.01.02: Cross-site request forgery (CSRF) vulnerability in admin/admincenter.php in webSPELL 4.01.02 allows remote attackers to assign the superadmin privilege level to arbitrary accounts as administrators via an "update member" action. | 4.3 |
2008-02-05 | CVE-2008-0574 | Cross-Site Scripting vulnerability in Webspell 4.01.02: Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.01.02 allows remote attackers to inject arbitrary web script or HTML via the sort parameter in a whoisonline action. | 4.3 |
2007-07-26 | CVE-2007-4028 | Local File Include vulnerability in Webspell 4.01.02: Absolute path traversal vulnerability in index.php in Webspell 4.01.02 allows remote attackers to include and execute arbitrary local files via a full pathname in the site parameter. | 7.5 |
2007-02-21 | CVE-2007-1019 | SQL Injection vulnerability in Webspell 4.01.02: SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388. | 6.8 |
2007-01-25 | CVE-2007-0502 | SQL Injection vulnerability in Webspell 4.01.02: SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492. | 7.5 |