Security webSPELL 4.2.4 Cross Site Request Forgery / SQL Injection February 18, 2016 007admin Leave a comment webSPELL version 4.2.4 suffers from cross site request forgery and remote SQL injection vulnerabilities.