CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 4CVE-2010-4861 – Webspell 4.2.1 - 'asearch.php' SQL Injection
https://notcve.org/view.php?id=CVE-2010-4861
SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows remote attackers to execute arbitrary SQL commands via the search parameter. Vulnerabilidad de inyección SQL en asearch.php de webSPELL 4.2.1. Permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro search. • https://www.exploit-db.com/exploits/15151 http://packetstormsecurity.org/1009-exploits/webspell421-sql.txt http://securityreason.com/securityalert/8419 http://www.exploit-db.com/exploits/15151 http://www.securityfocus.com/bid/43579 http://www.webspell.org/index.php?site=files&cat=21 https://exchange.xforce.ibmcloud.com/vulnerabilities/62130 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •