CVE-2007-2411

Name of the Vulnerable Software and Affected Versions Sphider versions 1.2.x

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the include dir parameter in the index.php file. A third party disputes this issue, stating that the application is not vulnerable.

Recommendations For Sphider versions 1.2.x, as a temporary workaround, consider restricting access to the include dir parameter in the index.php file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.