Lucene search
K

13 matches found

NVD
NVD
added 2014/08/07 11:13 a.m.20 views

CVE-2014-5193

Cross-site scripting XSS vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082...

4.3CVSS5.5AI score0.01832EPSS
Exploits1References3
NVD
NVD
added 2014/08/07 11:13 a.m.19 views

CVE-2014-5192

SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter...

7.5CVSS8.4AI score0.01241EPSS
Exploits1References2
Prion
Prion
added 2014/08/07 11:13 a.m.26 views

Code injection

Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the wordupperbound parameter...

6.5CVSS7.3AI score0.04206EPSS
Exploits3References2Affected Software1
Prion
Prion
added 2014/08/07 11:13 a.m.15 views

Sql injection

SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter...

7.5CVSS9AI score0.01241EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2014/08/07 11:13 a.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082...

4.3CVSS5.9AI score0.021EPSS
Exploits7References3Affected Software1
Cvelist
Cvelist
added 2014/08/07 10:0 a.m.33 views

CVE-2014-5194

Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the wordupperbound parameter...

6.8AI score0.04206EPSS
Exploits3References2
Cvelist
Cvelist
added 2014/08/07 10:0 a.m.18 views

CVE-2014-5192

SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter...

8.4AI score0.01241EPSS
Exploits1References2
CVE
CVE
added 2014/08/07 10:0 a.m.58 views

CVE-2014-5193

CVE-2014-5193 is an XSS vulnerability in Sphider 1.3.6 specifically in admin/admin.php where the category parameter can inject arbitrary web script or HTML. The note confirms the URL parameter vector is covered by CVE-2014-5082, indicating multiple input vectors in the same product family. The co...

4.3CVSS7.6AI score0.01832EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2014/08/07 10:0 a.m.64 views

CVE-2014-5194

Summary (CVE-2014-5194): Sphider 1.3.6 contains a static code injection flaw in admin/admin.php. Remote authenticated users can exploit the _word_upper_bound parameter to inject arbitrary PHP code into settings/conf.php. This is evidenced by multiple connected sources (exploit-db, packetstorm) de...

6.5CVSS7AI score0.04206EPSS
Exploits3References2Affected Software1
CVE
CVE
added 2014/08/07 10:0 a.m.41 views

CVE-2014-5192

The vulnerability affects Sphider 1.3.6, specifically in admin/admin.php where the filter parameter is exploitable via SQL injection. The underlying issue enables remote attackers to execute arbitrary SQL commands, with the CVSSv2 base metrics indicating a HIGH impact (Confidentiality/P, Integrit...

7.5CVSS8.7AI score0.01241EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2014/08/06 6:55 p.m.25 views

Sql injection

Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the 1 siteid or 2 url parameter...

7.5CVSS8.8AI score0.021EPSS
Exploits6References2Affected Software1
Cvelist
Cvelist
added 2014/08/06 6:0 p.m.27 views

CVE-2014-5082

Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the 1 siteid or 2 url parameter...

10AI score0.021EPSS
Exploits6References2
seebug.org
seebug.org
added 2014/08/04 12:0 a.m.44 views

Sphider Search Engine - Multiple Vulnerabilities

No description provided by source. Exploit Title: Sphider Search Engine - Multiple Vulnerabilities Google Dork: ext:php intext:sphider inurl:search.php Date: 6/20/2014 Exploit Author: Shayan Sadigh twitter.com/r1pplex | [email protected] Vendor Homepage: http://www.sphider.eu/ Version:...

7.5CVSS9AI score0.10451EPSS
Exploits12
Rows per page
Query Builder