Vulnerabilities > Sphider > Sphider > 1.3.rc1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-05-22 | CVE-2006-2506 | Cross-Site Scripting vulnerability in Sphider Multiple cross-site scripting (XSS) vulnerabilities in search.php in Sphider allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO and (2) the category parameter. | 6.8 |
| 2006-04-13 | CVE-2006-1784 | Remote File Include vulnerability in Sphider 1.3/1.3Rc1/1.3Rc2 PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings_dir parameter. | 5.1 |