CyberSec.Space Logo
CVEブラウザに戻る

CVE-2006-5388

HIGH
7.5
CVSS Severity Score
EPSS Score0.0640%
EPSS Percentile29.70th
Published2006年10月18日
Last Modified2026年4月23日

Vulnerability Description

SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands via the getsquad parameter, a different vector than CVE-2006-4783.

Affected Platforms (CPE)

📦
Webspell

Webspell

= 4.0
📦
Webspell

Webspell

= 4.01.01

References & Advisories

🔗 http://www.securityfocus.com/bid/20540
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/29563
🔗 https://www.exploit-db.com/exploits/2568
🔗 http://www.securityfocus.com/bid/20540
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/29563
🔗 https://www.exploit-db.com/exploits/2568

関連する脆弱性情報

CVE-2007-116010.0

webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vuln...

CVE-2007-05027.5

SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the p...

CVE-2006-07287.5

SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands...

CVE-2007-04927.5

Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary ...