CVE-2006-0728
webspell < 4.01.00 - SQL Injection via search.php title_op Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-0728. PoCs published by x128.
AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in WebSpell 4.01. It uses cURL to send a malicious POST request that extracts usernames and passwords from the database, saving the results to an HTML file.
Description
SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the title_op parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by x128 · phpwebappsphp
https://www.exploit-db.com/exploits/1498
This exploit targets a SQL injection vulnerability in WebSpell 4.01. It uses cURL to send a malicious POST request that extracts usernames and passwords from the database, saving the results to an HTML file.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
WebSpell 4.01
No auth needed
Prerequisites:
Target URL · Database table prefix
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (5)
Core 5
Core References
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18885
Patch x_refsource_confirm
http://www.webspell.org/index.php?site=news_comments&newsID=49&lang=en
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16673
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24708
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0606
Scores
EPSS
0.0117
EPSS Percentile
63.4%
Details
Status
published
Products (1)
webspell/webspell
< 4.01.00
Published
Feb 16, 2006
Tracked Since
Feb 18, 2026