Vulnerability Description
Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. (dot dot) in a language cookie. NOTE: this can be leveraged for SQL injection by including awards.php.
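The bug class described above, as an added illustrative example that is not webSPELL's own code: a constructed sketch of a cookie value flowing unchecked into an include path, beside a hardened variant that allowlists the language code and confirms the resolved path stays inside the languages directory. The file layout, the `.php` suffixing and the function names are assumptions for the demo.

```php
<?php
// Constructed example, not webSPELL's source. Sketch of the vulnerable pattern:
// the language cookie is concatenated straight into an include path, so a
// value containing '..' escapes the languages directory.
function vulnerable_language_file(string $cookie, string $langDir): string {
    return $langDir . '/' . $cookie . '.php'; // '../x' resolves outside $langDir
}

// Hardened variant: validate the shape of the language code first, then
// verify the resolved path is still under the languages directory.
function safe_language_file(string $cookie, string $langDir): ?string {
    // Language codes are short lowercase identifiers; this rejects '.', '/',
    // '\\' and NUL bytes before the value ever reaches the filesystem.
    if (!preg_match('/^[a-z]{2,8}$/', $cookie)) {
        return null;
    }
    $base = realpath($langDir);
    $candidate = realpath($langDir . '/' . $cookie . '.php');
    // realpath() returns false for missing files; the prefix check is defence
    // in depth against symlinks or anything else resolving outside $base.
    if ($base === false || $candidate === false
        || strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed throwaway layout so the example runs offline.
$tmp = sys_get_temp_dir() . '/langdemo_' . getmypid();
mkdir("$tmp/languages", 0700, true);
file_put_contents("$tmp/languages/en.php", "<?php // stub language file\n");
file_put_contents("$tmp/secret.php", "<?php // must never be includable via the cookie\n");

$traversal = '../secret'; // shape of the cookie value the advisory describes
printf("vulnerable resolves to: %s\n", realpath(vulnerable_language_file($traversal, "$tmp/languages")));
var_dump(safe_language_file($traversal, "$tmp/languages")); // NULL: rejected by the allowlist
var_dump(safe_language_file('en', "$tmp/languages"));       // string: path under languages/

// Clean up the demo files.
unlink("$tmp/languages/en.php"); unlink("$tmp/secret.php");
rmdir("$tmp/languages"); rmdir($tmp);
```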
CVSS Score
6.8 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webspell | Webspell | <= 4.2.0e |
Related Weaknesses (CWE)
References
- http://osvdb.org/54295
- http://secunia.com/advisories/35016 (Vendor Advisory)
- http://www.osvdb.org/54296 (Patch)
- http://www.securityfocus.com/bid/34862 (Exploit, Patch)
- http://www.webspell.org/ (Patch)
- http://www.webspell.org/index.php?site=files&file=30 (Patch)
- http://www.webspell.org/index.php?site=news_comments&newsID=130 (Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50395
- https://www.exploit-db.com/exploits/8622
FAQ
What is CVE-2009-1912?
CVE-2009-1912 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. (dot dot) in a language cookie. This can be leveraged for SQL injection by including awards.php.
How severe is CVE-2009-1912?
CVE-2009-1912 has been rated MEDIUM with a CVSS base score of 6.8/10. See the CVSS Score section above.
Is there a patch for CVE-2009-1912?
Check the References section above for vendor advisories and patch information. Affected product: Webspell (vendor: Webspell), versions <= 4.2.0e.