VYPR
Unrated severityNVD Advisory· Published Sep 14, 2006· Updated Jun 16, 2026

CVE-2006-4782

CVE-2006-4782

Description

src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • Webspell/Webspell5 versions
    cpe:2.3:a:webspell:webspell:*:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:webspell:webspell:*:*:*:*:*:*:*:*range: <=4.01.01
    • cpe:2.3:a:webspell:webspell:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:webspell:webspell:4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:webspell:webspell:4.1.1:*:*:*:*:*:*:*
    • (no CPE)range: <=4.01.01

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.