NA
CVSSv3

CVE-2014-5082

CVSSv4: NA | CVSSv3: NA | CVSSv2: 7.5 | VMScore: 850 | EPSS: 0.00222 | KEV: Not Included
Published: 06/08/2014 Updated: 21/11/2024

Vulnerability Summary

Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and previous versions, Sphider Pro, and Sphider-plus allow remote malicious users to execute arbitrary SQL commands via the (1) site_id or (2) url parameter.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sphider sphider

sphider sphider 1.3.2

sphider sphider 1.3.3

sphider sphider 1.3.4

sphider sphider 1.3.5

Exploits

Sphider versions prior to 136 suffer from remote command execution and remote SQL injection vulnerabilities ...
# Exploit Title: Sphider Search Engine - Multiple Vulnerabilities # Google Dork: ext:php intext:sphider inurl:searchphp # Date: 6/20/2014 # Exploit Author: Shayan Sadigh (twittercom/r1pplex) | <ienjoyripples@gmailcom> # Vendor Homepage: wwwsphidereu/ # Version: Sphider < 136 | Sphider Pro/Plus as well # Tested on: Linux &amp ...
# Exploit Title: Sphider 136 or later SQL Injection # Google Dork: intitle:"Sphider Admin Login" # Date: 1 July 2014 # Exploit Author: Mike Manzotti # Vendor Homepage: wwwsphidereu/ # Software Link: wwwsphidereu/sphider-136zip # Version: v 136 Description: The web application is vulnerable to SQLi Once a website has been ...