Total vulnerabilities in the database
Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter.
| Software | From | Fixed in |
|---|---|---|
| sphider / sphider | 1.3.2 | 1.3.2.x |
| sphider / sphider | 1.3.4-b | 1.3.4-b.x |
| sphider / sphider | 1.3.5 | 1.3.5.x |
| sphider / sphider | 1.3.4 | 1.3.4.x |
| sphider / sphider | - | 1.3.6.x |
| sphider / sphider | 1.3.3 | 1.3.3.x |