SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote malicious users to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
webspell webspell 4.01.02 |