Description
PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings_dir parameter.
Exploits (1)
References (5)
Scores
EPSS
0.0723
EPSS Percentile
91.6%
Details
Status
published
Products (3)
sphider/sphider
1.3
sphider/sphider
1.3_rc1
sphider/sphider
1.3_rc2
Published
Apr 13, 2006
Tracked Since
Feb 18, 2026