Webspell: >> Webspell >> 4.01.00 Security Vulnerabilities
Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. (dot dot) in a language cookie. NOTE: this can be leveraged for SQL injection by including awards.php.
CVSS Score
6.8
EPSS Score
0.024
Published
2009-06-04
SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783.
CVSS Score
7.5
EPSS Score
0.005
Published
2007-03-02