webSPELL 4.2.4 Cross Site Request Forgery / SQL Injection

Advisory ID: HTB23291 Product: webSPELL Vendor: webSPELL.org Vulnerable Versions: 4.2.4 and probably prior Tested Version: 4.2.4 Advisory Publication: January 22, 2016 without technical details Vendor Notification: January 22, 2016 Vendor Patch: February 12, 2016 Public Disclosure: February 17,...