2 matches found
Sql injection
SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492...
CVE-2007-0492
CVE-2007-0492 involves multiple SQL injection vulnerabilities in gallery.php of webSPELL 4.01.02 and earlier. The underlying issue is unsanitized input parameters (1) id or (2) galleryID that allow remote attackers to inject arbitrary SQL commands, enabling data tampering or extraction. The vulne...