Intrusion Prevention

WebSPELL.Database.PHP.Authentication.Bypass

Description

A vulnerability in src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php.
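The request pattern described above can be looked for in web server access logs. The following is an added example, not part of the original advisory or of webSPELL: it flags requests that pass a userID parameter in the query string to admin/database.php. The log format (combined), the sample lines and the function name are assumptions; parameters sent in a POST body or cookie do not appear in access logs and are not covered.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request portion of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

TARGET_SCRIPT = "admin/database.php"  # script named in the advisory
OVERRIDE_PARAM = "userID"             # parameter named in the advisory


def find_userid_overrides(lines):
    """Return (ip, status, target) for requests passing userID to admin/database.php."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/" + TARGET_SCRIPT):
            continue
        # parse_qsl percent-decodes parameter names, so an encoded
        # spelling of the name is matched as well as the plain one.
        keys = {k for k, _ in parse_qsl(url.query, keep_blank_values=True)}
        if OVERRIDE_PARAM in keys:
            hits.append((m.group("ip"), int(m.group("status")), m.group("target")))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Sep/2006:10:01:02 +0000] "GET /index.php?site=news HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Sep/2006:10:03:44 +0000] "GET /admin/database.php?userID=1 HTTP/1.1" 200 48211',
    '198.51.100.7 - - [12/Sep/2006:10:03:51 +0000] "GET /admin/database.php?user%49D=1 HTTP/1.1" 200 48211',
    '192.0.2.10 - - [12/Sep/2006:10:05:00 +0000] "GET /admin/database.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, status, target in find_userid_overrides(SAMPLE_LOG):
        print(f"{ip} status={status} {target}")
```

A hit with a 200 status and a large response size deserves a closer look than one that was redirected to the login page.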

Affected Products

webSPELL webSPELL 4.1.1
webSPELL webSPELL 4.1
webSPELL webSPELL 4.0

Impact

Bypass authentication and gain sensitive information.

Recommended Actions

The vendor has released Security Fix 2006-09-11 to address this issue.
Please see the references for more information.

webSPELL webSPELL 4.0
    webSPELL webSPELL Security Fix 2006-09-11
    http://cms.webspell.org/index.php?site=files&file=15

webSPELL webSPELL 4.1
    webSPELL webSPELL Security Fix 2006-09-11
    http://cms.webspell.org/index.php?site=files&file=15

webSPELL webSPELL 4.1.1
    webSPELL webSPELL Security Fix 2006-09-11
    http://cms.webspell.org/index.php?site=files&file=15

CVE References

CVE-2006-4782