3 matches found
Sql injection
SQL injection vulnerability in news.php in webSPELL 4.01.02, when registerglobals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388...
CVE-2006-5388
SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands via the getsquad parameter, a different vector than CVE-2006-4783...
CVE-2006-5388
Technical details about CVE-2006-5388 are not provided in the connected documents. The initial description mentions a SQL injection in WebSPELL 4.01.01 and earlier via the getsquad parameter, but no further specifics are supplied here. Monitor for updates.