Lucene search

PRIOn knowledge basePRION:CVE-2009-1912

HistoryJun 04, 2009 - 4:30 p.m.

Directory traversal

2009-06-0416:30:00

PRIOn knowledge base

www.prio-n.com

8.6 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.3%

JSON

Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a … (dot dot) in a language cookie. NOTE: this can be leveraged for SQL injection by including awards.php.

CPENameOperatorVersion
webspelleq4.01.02
webspelleq4.0.299
webspelleq4.1.2
webspelleq4.2.100
webspelleq4.1
webspelleq4.0
webspelleq4.01.00
webspelleq4.1.1
webspelleq4.2.99
webspelleq4.01.01

Name	Operator	Version
webspell	eq	4.01.02
webspell	eq	4.0.299
webspell	eq	4.1.2
webspell	eq	4.2.100
webspell	eq	4.1
webspell	eq	4.0
webspell	eq	4.01.00
webspell	eq	4.1.1
webspell	eq	4.2.99
webspell	eq	4.01.01

Rows per page:

1-10 of 111

References

osvdb.org/54295

secunia.com/advisories/35016

www.osvdb.org/54296

www.securityfocus.com/bid/34862

www.webspell.org/

www.webspell.org/index.php?site=files&file=30

www.webspell.org/index.php?site=news_comments&newsID=130

exchange.xforce.ibmcloud.com/vulnerabilities/50395

www.exploit-db.com/exploits/8622