PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and previous versions, when register_globals is disabled, allows remote malicious users to execute arbitrary PHP code via a URL in the settings_dir parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sphider sphider 1.3 |
||
sphider sphider 1.3_rc1 |
||
sphider sphider 1.3_rc2 |