A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5086 pertains to instances of fwrite in Sphider Pro and Sphider Plus only, but donβt exist in Sphider.
CPE | Name | Operator | Version |
---|---|---|---|
sphider | lt | 1.3.6 | |
sphider-plus | lt | 3.2 | |
sphider_pro | lt | 3.2 |