Vulnerability Description
SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webspell | Webspell | <= 4.01.01 |
References
- http://cms.webspell.org/index.php?site=files&file=11 (Exploit, Patch)
- http://secunia.com/advisories/21881 (Exploit, Patch, Vendor Advisory)
- http://translate.google.com/translate?hl=en&sl=de&u=http://webspell.org/&sa=X&oi (Patch)
- http://www.vupen.com/english/advisories/2006/3572
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28898
FAQ
What is CVE-2006-4783?
CVE-2006-4783 is a vulnerability with a CVSS score of 5.1 (MEDIUM). SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID parameter.
How severe is CVE-2006-4783?
CVE-2006-4783 has been rated MEDIUM, with a CVSS base score of 5.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-4783?
Check the references section above for vendor advisories and patch information. Affected products include: Webspell Webspell.