CVE-2006-4783

2006-09-14T10:07:00
ID CVE-2006-4783
Type cve
Reporter cve@mitre.org
Modified 2017-07-20T01:33:00

Description

SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID parameter. Successful exploitation requires that "magic_quotes_gpc" is disabled.