Lucene search
K

CVE-2014-5087

🗓️ 07 Feb 2020 17:36:48Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 106 Views🌐 WEB

Vulnerability in Sphider Search Engine prior to 1.3.6 allows remote code execution

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
0day.today
Sphider Search Engine - Multiple Vulnerabilities
3 Aug 201400:00
zdt
Cvelist
CVE-2014-5087
7 Feb 202017:36
cvelist
Exploit DB
Sphider Search Engine - Multiple Vulnerabilities
2 Aug 201400:00
exploitdb
exploitpack
Sphider Search Engine - Multiple Vulnerabilities
2 Aug 201400:00
exploitpack
NVD
CVE-2014-5087
7 Feb 202018:15
nvd
Packet Storm
Sphider Search Engine Command Execution / SQL Injection
3 Aug 201400:00
packetstorm
Prion
Code injection
7 Feb 202018:15
prion
seebug.org
Sphider Search Engine - Multiple Vulnerabilities
4 Aug 201400:00
seebug
NVD
ParameterPositionPathDescriptionCWE
userrequest bodysphider/admin/admin.phpAuth bypass / login-evading input leading to unauthorized access (admin/admin.php).CWE-20
passrequest bodysphider/admin/admin.phpAuth bypass / login-evading input leading to unauthorized access (admin/admin.php).CWE-20
frequest bodysphider/admin/admin.phpAuth bypass / login-evading input leading to unauthorized access (admin/admin.php).CWE-20
site_idrequest bodysphider/admin/admin.phpAuth bypass / login-evading input leading to unauthorized access (admin/admin.php).CWE-20
urlrequest bodysphider/admin/admin.phpAuth bypass / login-evading input leading to unauthorized access (admin/admin.php).CWE-20
advrequest bodysphider/admin/admin.phpAuth bypass / login-evading input leading to unauthorized access (admin/admin.php).CWE-20
userrequest bodysphider/admin/admin.phpSQL injection vulnerability in admin.php via crafted POST parameters (SQLi).CWE-89CWE-20
passrequest bodysphider/admin/admin.phpSQL injection vulnerability in admin.php via crafted POST parameters (SQLi).CWE-89CWE-20
frequest bodysphider/admin/admin.phpSQL injection vulnerability in admin.php via crafted POST parameters (SQLi).CWE-89CWE-20
site_idrequest bodysphider/admin/admin.phpSQL injection vulnerability in admin.php via crafted POST parameters (SQLi).CWE-89CWE-20
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 00:11Current
9.4High risk
Vulners AI Score9.4
CVSS 27.5
CVSS 3.19.8
EPSS0.07181
106