CVE-2006-4783

Name of the Vulnerable Software and Affected Versions WebSPELL versions 4.01.01 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the squadID parameter in the squads.php file when register globals is enabled.

Recommendations For WebSPELL versions 4.01.01 and earlier, consider disabling the register globals setting to prevent exploitation until a patch is available. Restrict access to the squads.php file to minimize the risk of SQL injection attacks. Avoid using the squadID parameter in the affected squads.php file until the issue is resolved.