Sphider

Sphider

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2014-5086

Exploit
  • EPSS 6.7%
  • Veröffentlicht 10.02.2020 15:15:19
  • Zuletzt bearbeitet 21.11.2024 02:11:23

A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5086 pertains to instances of fwrite in Sph...

8.8

CVE-2014-5083

Exploit
  • EPSS 6.69%
  • Veröffentlicht 10.02.2020 15:15:18
  • Zuletzt bearbeitet 21.11.2024 02:11:22

A Command Execution vulnerability exists in Sphider before 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5083 pertains to instances of fwrite in Sphider.

9.8

CVE-2014-5087

Exploit
  • EPSS 15.84%
  • Veröffentlicht 07.02.2020 18:15:10
  • Zuletzt bearbeitet 21.11.2024 02:11:23

A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code.

9.8

CVE-2014-5081

Exploit
  • EPSS 6.84%
  • Veröffentlicht 10.01.2020 13:15:13
  • Zuletzt bearbeitet 21.11.2024 02:11:22

sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass

7.5

CVE-2014-5192

Exploit
  • EPSS 1.02%
  • Veröffentlicht 07.08.2014 11:13:37
  • Zuletzt bearbeitet 12.04.2025 10:46:40

SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter.

4.3

CVE-2014-5193

Exploit
  • EPSS 3.12%
  • Veröffentlicht 07.08.2014 11:13:37
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082.

6.5

CVE-2014-5194

Exploit
  • EPSS 2.64%
  • Veröffentlicht 07.08.2014 11:13:37
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter.

7.5

CVE-2014-5082

Exploit
  • EPSS 2.4%
  • Veröffentlicht 06.08.2014 18:55:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter.

2.6

CVE-2008-5211

Exploit
  • EPSS 5.08%
  • Veröffentlicht 24.11.2008 17:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in search.php in Sphider 1.3.4, when the search suggestion feature is enabled, allows remote attackers to inject arbitrary web script or HTML via the query parameter, a different vector than CVE-2006-2506.

7.5

CVE-2007-2411

  • EPSS 1.46%
  • Veröffentlicht 01.05.2007 10:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

PHP remote file inclusion vulnerability in index.php in Sphider 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. NOTE: a third party disputes this vulnerability, stating that "the application is not...