CVE Tools

webspell

Web & CMS Pluginsunknown

14

Cumulative CVEs

6

Monthly snapshots

#18

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting webspell.

CVE-2010-4861SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.7.5Oct 5, 2011
CVE-2009-1912Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. (dot dot) in a language ...6.8Jun 4, 2009
CVE-2009-1408Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows remote attackers to inject arbitrary web script or HTML allows remote attackers to inject arbitrary web script or HTML via Javascr...4.3Apr 24, 2009
CVE-2008-1481Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the board parameter. NOTE: the provenance of this informa...4.3Mar 24, 2008
CVE-2008-0575Cross-site request forgery (CSRF) vulnerability in admin/admincenter.php in webSPELL 4.01.02 allows remote attackers to assign the superadmin privilege level to arbitrary accounts as administrators...4.3Feb 5, 2008
CVE-2008-0574Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.01.02 allows remote attackers to inject arbitrary web script or HTML via the sort parameter in a whoisonline action.4.3Feb 5, 2008
CVE-2007-6309Multiple cross-site scripting (XSS) vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the galleryID parameter in a usergallery upl...4.3Dec 11, 2007
CVE-2007-4028Absolute path traversal vulnerability in index.php in Webspell 4.01.02 allows remote attackers to include and execute arbitrary local files via a full pathname in the site parameter. NOTE: some of...7.5Jul 26, 2007
CVE-2007-2369Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.5.0Apr 30, 2007
CVE-2007-2368picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter.5.0Apr 30, 2007
CVE-2007-1163SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019...7.5Feb 28, 2007
CVE-2007-1160webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782.10.0Feb 28, 2007
CVE-2007-1155Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. NOTE: this issue may be an adminis...4.6Feb 27, 2007
CVE-2007-1154SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than CVE-2006-4782.6.8Feb 27, 2007
CVE-2007-1019SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a d...6.8Feb 21, 2007