Unrated severityNVD Advisory· Published Jun 4, 2009· Updated Jun 16, 2026
CVE-2009-1912
CVE-2009-1912
Description
Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. (dot dot) in a language cookie. NOTE: this can be leveraged for SQL injection by including awards.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
12cpe:2.3:a:webspell:webspell:*:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:webspell:webspell:*:*:*:*:*:*:*:*range: <=4.2.0e
- cpe:2.3:a:webspell:webspell:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:webspell:webspell:4.01.00:*:*:*:*:*:*:*
- cpe:2.3:a:webspell:webspell:4.01.01:*:*:*:*:*:*:*
- cpe:2.3:a:webspell:webspell:4.01.02:*:*:*:*:*:*:*
- cpe:2.3:a:webspell:webspell:4.0.2c:*:*:*:*:*:*:*
- cpe:2.3:a:webspell:webspell:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:webspell:webspell:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:webspell:webspell:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:webspell:webspell:4.2.0c:*:*:*:*:*:*:*
- cpe:2.3:a:webspell:webspell:4.2.0d:*:*:*:*:*:*:*
- (no CPE)range: <=4.2.0e
Patches
Vulnerability mechanics
References
9- www.osvdb.org/54296nvdPatch
- www.webspell.orgnvdPatch
- www.webspell.org/index.phpnvdPatch
- www.webspell.org/index.phpnvdPatch
- www.securityfocus.com/bid/34862nvdExploitPatch
- secunia.com/advisories/35016nvdVendor Advisory
- osvdb.org/54295nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/50395nvd
- www.exploit-db.com/exploits/8622nvd
News mentions
0No linked articles in our index yet.