CVE-2009-1912
published 2009-06-04


Priority: P3 41
CVSS 2.0: 6.8 (medium), AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.18% (86.5th percentile)
Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. (dot dot) in a language cookie. NOTE: this can be leveraged for SQL injection by including awards.php.

Affected

11 ranges
Vendor | Product | Version range | Fixed in
webspell | webspell | <= 4.2.0e |
webspell | webspell | |
webspell | webspell | |
webspell | webspell | |
webspell | webspell | |
webspell | webspell | |
webspell | webspell | |
webspell | webspell | |
webspell | webspell | |
webspell | webspell | |
webspell | webspell | |