This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sphider First view 2014-08-06
Product Sphider Last view 2014-08-07
Version 1.3.6 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:sphider:sphider

Activity : Overall

Related : CVE

  Date Alert Description
6.5 2014-08-07 CVE-2014-5194

Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter.

4.3 2014-08-07 CVE-2014-5193

Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082.

7.5 2014-08-07 CVE-2014-5192

SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter.

7.5 2014-08-06 CVE-2014-5082

Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter.

CWE : Common Weakness Enumeration

%idName
50% (2) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
25% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
25% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

ExploitDB Exploits

id Description
34238 Sphider Search Engine - Multiple Vulnerabilities