2 matches found
CVE-2009-1912
Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. dot dot in a language cookie. NOTE: this can be leveraged for SQL injection by including awards.php...
CVE-2009-1912
CVE-2009-1912 affects webSPELL 4.2.0e and earlier. A directory traversal flaw in src/func/language.php lets remote attackers craft a language cookie containing .. to include and execute arbitrary local PHP files; exploitation can progress to SQL injection by including awards.php. The NVD/NVD-deri...