CVE-2009-1912

2009-06-0416:00:00

mitre

www.cve.org

8 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.3%

JSON

Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a … (dot dot) in a language cookie. NOTE: this can be leveraged for SQL injection by including awards.php.

References

osvdb.org/54295

secunia.com/advisories/35016

www.osvdb.org/54296

www.securityfocus.com/bid/34862

www.webspell.org/

www.webspell.org/index.php?site=files&file=30

www.webspell.org/index.php?site=news_comments&newsID=130

exchange.xforce.ibmcloud.com/vulnerabilities/50395

www.exploit-db.com/exploits/8622