CyberSec.Space Logo
Back to CVE Browser

CVE-2007-0502

HIGH
7.5
CVSS Severity Score
EPSS Score0.1630%
EPSS Percentile5.74th
PublishedJan 25, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492.

Affected Platforms (CPE)

πŸ“¦
Webspell

Webspell

= 4.01.02

References & Advisories

πŸ”— http://osvdb.org/36798
πŸ”— http://www.securityfocus.com/bid/22149
πŸ”— http://www.vupen.com/english/advisories/2007/0270
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/31632
πŸ”— https://www.exploit-db.com/exploits/3172
πŸ”— http://osvdb.org/36798
πŸ”— http://www.securityfocus.com/bid/22149
πŸ”— http://www.vupen.com/english/advisories/2007/0270

Related Vulnerabilities

CVE-2007-116010.0

webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vuln...

CVE-2007-04927.5

Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary ...

CVE-2006-07287.5

SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands...

CVE-2006-53887.5

SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands...