CVE-2006-5388
Published 2006-10-18
CVE-2006-5388: SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands via the getsquad parameter…
Priority: P338, high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.04% (59.7th percentile)
SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands via the getsquad parameter, a different vector than CVE-2006-4783.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| webspell | webspell | <= 4.01.02 | — |
| webspell | webspell | — | — |
| webspell | webspell | — | — |
| webspell | webspell | — | — |
| webspell | webspell | — | — |
VulDB
WebSPELL 4.0/4.01.01 index.php getsquad sql injection (EDB-2568 / XFDB-29563)
vuldb·2026-04-24·CVSS 7.5
CVE-2006-5388 [HIGH] WebSPELL 4.0/4.01.01 index.php getsquad sql injection (EDB-2568 / XFDB-29563)
A vulnerability marked as critical has been reported in WebSPELL 4.0/4.01.01. The affected element is an unknown function of the file index.php. Performing a manipulation of the argument getsquad results in sql injection.
This vulnerability is identified as CVE-2006-5388. The attack can be initiated remotely. Additionally, an exploit exists.
GHSA
GHSA-89mj-xhmx-wjg6: SQL injection vulnerability in printview
ghsa_unreviewed·2022-05-01·CVSS 5.1
CVE-2007-1163 [MEDIUM] CWE-89 GHSA-89mj-xhmx-wjg6: SQL injection vulnerability in printview
SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783.
GHSA
GHSA-525m-xhw8-m6pr: SQL injection vulnerability in index
ghsa_unreviewed·2022-05-01·CVSS 5.1
CVE-2006-5388 [MEDIUM] GHSA-525m-xhw8-m6pr: SQL injection vulnerability in index
SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands via the getsquad parameter, a different vector than CVE-2006-4783.
GHSA
GHSA-963c-h63p-mrj5: SQL injection vulnerability in news
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-1019 [HIGH] GHSA-963c-h63p-mrj5: SQL injection vulnerability in news
SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388.
No detection rules found.
No writeups or analysis indexed.
Published: 2006-10-18