CyberSec.Space Logo
Back to CVE Browser

CVE-2006-5388

HIGH
7.5
CVSS Severity Score
EPSS Score0.0640%
EPSS Percentile29.70th
PublishedOct 18, 2006
Last ModifiedApr 23, 2026

Vulnerability Description

SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands via the getsquad parameter, a different vector than CVE-2006-4783.

Affected Platforms (CPE)

πŸ“¦
Webspell

Webspell

= 4.0
πŸ“¦
Webspell

Webspell

= 4.01.01

References & Advisories

πŸ”— http://www.securityfocus.com/bid/20540
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/29563
πŸ”— https://www.exploit-db.com/exploits/2568
πŸ”— http://www.securityfocus.com/bid/20540
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/29563
πŸ”— https://www.exploit-db.com/exploits/2568

Related Vulnerabilities

CVE-2007-116010.0

webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vuln...

CVE-2007-05027.5

SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the p...

CVE-2006-07287.5

SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands...

CVE-2007-04927.5

Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary ...