CVE-2009-1912

Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. (dot dot) in a language cookie. NOTE: this can be leveraged for SQL injection by including awards.php.

Published: Jun 4, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-1912
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
webspell / webspell	4.01.02	4.01.02.x
webspell / webspell	4.0.2c	4.0.2c.x
webspell / webspell	4.1.2	4.1.2.x
webspell / webspell	4.2.0d	4.2.0d.x
webspell / webspell	4.1	4.1.x
webspell / webspell	4.0	4.0.x
webspell / webspell	4.01.00	4.01.00.x
webspell / webspell	4.1.1	4.1.1.x
webspell / webspell	4.2.0c	4.2.0c.x
webspell / webspell	4.01.01	4.01.01.x
webspell / webspell	-	4.2.0e.x

http://osvdb.org/54295
http://secunia.com/advisories/35016
http://www.osvdb.org/54296
http://www.securityfocus.com/bid/34862
http://www.webspell.org/
http://www.webspell.org/index.php?site=files&file=30
http://www.webspell.org/index.php?site=news_comments&newsID=130
https://exchange.xforce.ibmcloud.com/vulnerabilities/50395
https://www.exploit-db.com/exploits/8622

Vulnerability Database

289,784

CVE-2009-1912