Vulnerabilities > Webspell > Webspell > 4.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-06-04 | CVE-2009-1912 | Path Traversal vulnerability in Webspell Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. | 6.8 |
2006-09-14 | CVE-2006-4782 | Authentication Bypass vulnerability in Webspell 4.0/4.1/4.1.1 src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php. | 5.4 |