Published: 06/08/2014 Updated: 21/11/2024

Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and previous versions, Sphider Pro, and Sphider-plus allow remote malicious users to execute arbitrary SQL commands via the (1) site_id or (2) url parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sphider sphider
sphider sphider 1.3.2
sphider sphider 1.3.3
sphider sphider 1.3.4
sphider sphider 1.3.5

# Exploit Title: Sphider Search Engine - Multiple Vulnerabilities # Google Dork: ext:php intext:sphider inurl:searchphp # Date: 6/20/2014 # Exploit Author: Shayan Sadigh (twittercom/r1pplex) | <ienjoyripples@gmailcom> # Vendor Homepage: wwwsphidereu/ # Version: Sphider < 136 | Sphider Pro/Plus as well # Tested on: Linux &amp ...

# Exploit Title: Sphider 136 or later SQL Injection # Google Dork: intitle:"Sphider Admin Login" # Date: 1 July 2014 # Exploit Author: Mike Manzotti # Vendor Homepage: wwwsphidereu/ # Software Link: wwwsphidereu/sphider-136zip # Version: v 136 Description: The web application is vulnerable to SQLi Once a website has been ...

Sphider versions prior to 136 suffer from remote command execution and remote SQL injection vulnerabilities ...

CWE-89 https://nvd.nist.gov https://www.exploit-db.com/exploits/34238/https://www.first.org/epss http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html http://www.exploit-db.com/exploits/34189 http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html http://www.exploit-db.com/exploits/34189

CVE-2014-5082

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect