Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sphider sphider 1.3.6 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-5193
Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote malicious users to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082.
Sphider Sphider 1.3.6
1 EDB exploit
NA
CVE-2014-5192
SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote malicious users to execute arbitrary SQL commands via the filter parameter.
Sphider Sphider 1.3.6
1 EDB exploit
NA
CVE-2014-5194
Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter.
Sphider Sphider 1.3.6
1 EDB exploit
NA
CVE-2014-5082
Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and previous versions, Sphider Pro, and Sphider-plus allow remote malicious users to execute arbitrary SQL commands via the (1) site_id or (2) url parameter.
Sphider Sphider 1.3.5
Sphider Sphider 1.3.4
Sphider Sphider 1.3.2
Sphider Sphider
Sphider Sphider 1.3.3
2 EDB exploits
9.8
CVSSv3
CVE-2014-5081
sphider before 1.3.6, sphider-pro before 3.2, and sphider-plus before 3.2 allow authentication bypass
Sphider Sphider
Sphiderpro Sphider Pro
Sphider-plus Sphider-plus
1 EDB exploit
9.8
CVSSv3
CVE-2014-5087
A vulnerability exists in Sphider Search Engine before 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code.
Sphider Sphider
Sphider-plus Sphider-plus
Sphiderpro Sphider Pro
1 EDB exploit
8.8
CVSSv3
CVE-2014-5086
A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5086 pertains to instances of fwrite in Sphider Pro and Sphider Plus only...
Sphider Sphider
Sphider-plus Sphider-plus
Sphiderpro Sphider Pro
1 EDB exploit
8.8
CVSSv3
CVE-2014-5083
A Command Execution vulnerability exists in Sphider prior to 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5083 pertains to instances of fwrite in Sphider.
Sphider Sphider
1 EDB exploit
8.8
CVSSv3
CVE-2014-5085
A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 pertains to instances of fwrite in Sphider Plus, but do not exist in either Sphider o...
Sphider-plus Sphider-plus 3.2
1 EDB exploit
8.8
CVSSv3
CVE-2014-5084
A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of fwrite, which could let a remote malicious user execute arbitrary code. CVE-2014-5084 pertains to instances of fwrite in Sphider Pro only, but do not exist in either Sphider or Sphider...
Sphiderpro Sphider Pro 3.2
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started