Summary
Detail | |||
---|---|---|---|
Vendor | Sphider | First view | 2014-08-06 |
Product | Sphider | Last view | 2014-08-07 |
Version | 1.3.6 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Software Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:sphider:sphider |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
6.5 | 2014-08-07 | CVE-2014-5194 | Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter. |
4.3 | 2014-08-07 | CVE-2014-5193 | Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082. |
7.5 | 2014-08-07 | CVE-2014-5192 | SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter. |
7.5 | 2014-08-06 | CVE-2014-5082 | Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (2) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
25% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
25% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
ExploitDB Exploits
id | Description |
---|---|
34238 | Sphider Search Engine - Multiple Vulnerabilities |