13 matches found
CVE-2014-5193
Cross-site scripting XSS vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082...
CVE-2014-5192
SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter...
Code injection
Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the wordupperbound parameter...
Sql injection
SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082...
CVE-2014-5194
Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the wordupperbound parameter...
CVE-2014-5192
SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter...
CVE-2014-5193
CVE-2014-5193 is an XSS vulnerability in Sphider 1.3.6 specifically in admin/admin.php where the category parameter can inject arbitrary web script or HTML. The note confirms the URL parameter vector is covered by CVE-2014-5082, indicating multiple input vectors in the same product family. The co...
CVE-2014-5194
Summary (CVE-2014-5194): Sphider 1.3.6 contains a static code injection flaw in admin/admin.php. Remote authenticated users can exploit the _word_upper_bound parameter to inject arbitrary PHP code into settings/conf.php. This is evidenced by multiple connected sources (exploit-db, packetstorm) de...
CVE-2014-5192
The vulnerability affects Sphider 1.3.6, specifically in admin/admin.php where the filter parameter is exploitable via SQL injection. The underlying issue enables remote attackers to execute arbitrary SQL commands, with the CVSSv2 base metrics indicating a HIGH impact (Confidentiality/P, Integrit...
Sql injection
Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the 1 siteid or 2 url parameter...
CVE-2014-5082
Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the 1 siteid or 2 url parameter...
Sphider Search Engine - Multiple Vulnerabilities
No description provided by source. Exploit Title: Sphider Search Engine - Multiple Vulnerabilities Google Dork: ext:php intext:sphider inurl:search.php Date: 6/20/2014 Exploit Author: Shayan Sadigh twitter.com/r1pplex | [email protected] Vendor Homepage: http://www.sphider.eu/ Version:...