CyberSec.Space Logo
Back to CVE Browser

CVE-2007-0492

HIGH
7.5
CVSS Severity Score
EPSS Score0.1570%
EPSS Percentile4.37th
PublishedJan 25, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) galleryID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Affected Platforms (CPE)

πŸ“¦
Webspell

Webspell

<= 4.01.02

References & Advisories

πŸ”— http://www.vupen.com/english/advisories/2007/0270
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/31632
πŸ”— http://www.vupen.com/english/advisories/2007/0270
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/31632

Related Vulnerabilities

CVE-2007-116010.0

webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vuln...

CVE-2007-05027.5

SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the p...

CVE-2006-07287.5

SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands...

CVE-2006-53887.5

SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands...