3 matches found
Sphider Search Engine 1.3.6 Remote Code Execution
Exploit Title: Sphider Search Engine 1.3.6 - 'wordupperbound' RCE Authenticated Google Dork: intitle:"Sphider Admin Login" Date: 2014-07-28 Exploit Author: Gurkirat Singh Vendor Homepage: http://www.sphider.eu/ Software Link: http://www.sphider.eu/sphider-1.3.6.zip Version: v1.3.6 Tested on:...
Sphider Search Engine 1.3.6 - 'word_upper_bound' RCE (Authenticated)
Exploit Title: Sphider Search Engine 1.3.6 - 'wordupperbound' RCE Authenticated Google Dork: intitle:"Sphider Admin Login" Date: 2014-07-28 Exploit Author: Gurkirat Singh Vendor Homepage: http://www.sphider.eu/ Software Link: http://www.sphider.eu/sphider-1.3.6.zip Version: v1.3.6 Tested on:...
CVE-2014-5194
Summary (CVE-2014-5194): Sphider 1.3.6 contains a static code injection flaw in admin/admin.php. Remote authenticated users can exploit the _word_upper_bound parameter to inject arbitrary PHP code into settings/conf.php. This is evidenced by multiple connected sources (exploit-db, packetstorm) de...