PT-2006-5557 · Webspell · Webspell

Trex

Published

2006-09-14

Updated

2017-10-19

CVE-2006-4782

CVSS v2.0

5.4

Medium

Vector

AV:N/AC:H/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions WebSPELL versions 4.01.01 and earlier

Description The issue allows remote attackers to bypass authentication and gain sensitive information stored in the database. This is achieved by modifying the userID parameter in a write action to the "admin/database.php" endpoint when register globals is enabled.

Recommendations For WebSPELL versions 4.01.01 and earlier, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the "admin/database.php" endpoint until a fix is available. Avoid using the userID parameter in the affected endpoint until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-4782

Affected Products

Webspell

PT-2006-5557 · Webspell · Webspell

CVE-2006-4782

Related Identifiers

Affected Products

References · 8