WebSPELL.Database.PHP.Authentication.Bypass
Description
A vulnerability in src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php.
Affected Products
webSPELL webSPELL 4.1.1
webSPELL webSPELL 4.1
webSPELL webSPELL 4.0
Impact
Bypass authentication and gain sensitive information.
Recommended Actions
The vendor has released Security Fix 2006-09-11 to address this issue.
Please see the references for more information.
webSPELL webSPELL 4.0
webSPELL webSPELL Security Fix 2006-09-11
http://cms.webspell.org/index.php?site=files&file=15
webSPELL webSPELL 4.1
webSPELL webSPELL Security Fix 2006-09-11
http://cms.webspell.org/index.php?site=files&file=15
webSPELL webSPELL 4.1.1
webSPELL webSPELL Security Fix 2006-09-11
http://cms.webspell.org/index.php?site=files&file=15
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2018-09-27 | 13.459 |