CVEブラウザに戻る

CVE-2007-0502

HIGH

7.5

CVSS Severity Score

EPSS Score0.1630%

EPSS Percentile5.74th

Published2007年1月25日

Last Modified2026年4月23日

Vulnerability Description

SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492.

Affected Platforms (CPE)

📦

Webspell

Webspell

= 4.01.02

References & Advisories

🔗 http://osvdb.org/36798

🔗 http://www.securityfocus.com/bid/22149

🔗 http://www.vupen.com/english/advisories/2007/0270

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/31632

🔗 https://www.exploit-db.com/exploits/3172

🔗 http://osvdb.org/36798

🔗 http://www.securityfocus.com/bid/22149

🔗 http://www.vupen.com/english/advisories/2007/0270

関連する脆弱性情報

CVE-2007-116010.0

webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vuln...

CVE-2007-04927.5

Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary ...

CVE-2006-07287.5

SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands...

CVE-2006-53887.5

SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands...