CVE-2006-0728

Webspell < 4.01.00 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the title_op parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by x128 · phpwebappsphp

https://www.exploit-db.com/exploits/1498

View Code ZIP pw:eip

References (5)

[Patch, Vendor Advisory] http://secunia.com/advisories/18885

[Patch] http://www.webspell.org/index.php?site=news_comments&newsID=49&lang=en

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/16673

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/24708

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/0606

Scores

EPSS 0.0069

EPSS Percentile 71.8%

Details

Status published

Products (1)

webspell/webspell < 4.01.00

Published Feb 16, 2006

Tracked Since Feb 18, 2026