CVE-2006-1784 Information

Description

PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier when register_globals is disabled allows remote attackers to execute arbitrary PHP code via a URL in the settings_dir parameter.

Reference

http://secunia.com/advisories/19642 http://www.securityfocus.com/bid/17514 http://www.vupen.com/english/advisories/2006/1341 https://exchange.xforce.ibmcloud.com/vulnerabilities/25780 https://www.exploit-db.com/exploits/1665