Vulnerabilities > Sphider
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-02-24 | CVE-2006-7057 | SQL-Injection vulnerability in Sphider SQL injection vulnerability in search.php in Sphider before 1.3.1c allows remote attackers to execute arbitrary SQL commands via the category parameter. | 7.5 |
2006-05-22 | CVE-2006-2506 | Cross-Site Scripting vulnerability in Sphider Multiple cross-site scripting (XSS) vulnerabilities in search.php in Sphider allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO and (2) the category parameter. | 6.8 |
2006-04-13 | CVE-2006-1784 | Remote File Include vulnerability in Sphider 1.3/1.3Rc1/1.3Rc2 PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings_dir parameter. | 5.1 |