Sphider@1.3.6 Security Vulnerabilities and Issues — Sphider@1.3.6 CVE List

Lucene search

SphiderSphider1.3.6

3 matches found

CVE•added 2014/08/07 11:13 a.m.•52 views

CVE-2014-5194

Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter.

6.5CVSS7AI score0.02637EPSS

CVE•added 2014/08/07 11:13 a.m.•43 views

CVE-2014-5193

Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082.

4.3CVSS7.6AI score0.03118EPSS

CVE•added 2014/08/07 11:13 a.m.•32 views

CVE-2014-5192

SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter.

7.5CVSS8.7AI score0.01016EPSS