CVE-2009-1912

Name of the Vulnerable Software and Affected Versions: webSPELL versions 4.2.0e and earlier

Description: A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local .php files by using a .. (dot dot) in a language cookie. This can also be used for SQL injection by including awards.php.

Recommendations: For versions 4.2.0e and earlier, update to a version later than 4.2.0e to resolve the issue. As a temporary workaround, consider restricting access to the language cookie to minimize the risk of exploitation.