Adminze

#26882 of 53,622
9.4 Total CVSS
Vulnerabilities · 1
PT-2019-6165
9.4
2019-06-02
Sphinx Technologies · Sphinxsearch · CVE-2020-29050
**Name of the Vulnerable Software and Affected Versions**

SphinxSearch in Sphinx Technologies Sphinx versions through 3.1.1

**Description**

The issue is a directory traversal error in the search system, which a remote attacker can exploit to gain unauthorized access to protected information. The `CALL SNIPPETS` operator and the `load_file()` function accept a full pathname, which allows access to files such as those in the `/etc` directory.

**Recommendations**

For SphinxSearch in Sphinx Technologies Sphinx versions through 3.1.1, consider restricting access to the `CALL SNIPPETS` operator and the `load_file()` function to minimize the risk of exploitation. Additionally, limit the ability to load files from arbitrary paths to prevent unauthorized access to sensitive information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.