Shodan
Vulnerabilities
Vulnerable Software
Webspell:  Security Vulnerabilities
CVE-2007-1154
SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than CVE-2006-4782.
CVSS Score
6.8
EPSS Score
0.003
Published
2007-03-02
CVE-2007-1155
Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. NOTE: this issue may be an administrative feature, in which case this CVE may be REJECTED.
CVSS Score
4.6
EPSS Score
0.004
Published
2007-03-02
CVE-2007-1160
webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782.
CVSS Score
10.0
EPSS Score
0.009
Published
2007-03-02
CVE-2007-1163
SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783.
CVSS Score
7.5
EPSS Score
0.005
Published
2007-03-02
CVE-2007-1019
SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388.
CVSS Score
6.8
EPSS Score
0.009
Published
2007-02-21
CVE-2007-0502
SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492.
CVSS Score
7.5
EPSS Score
0.004
Published
2007-01-25
CVE-2007-0492
Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) galleryID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
7.5
EPSS Score
0.003
Published
2007-01-25
CVE-2006-5388
SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands via the getsquad parameter, a different vector than CVE-2006-4783.
CVSS Score
7.5
EPSS Score
0.003
Published
2006-10-18
CVE-2006-4782
src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php.
CVSS Score
5.4
EPSS Score
0.148
Published
2006-09-14
CVE-2006-4783
SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID parameter.
CVSS Score
5.1
EPSS Score
0.007
Published
2006-09-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved