RSS   Vulnerabilities for 'Sphider-plus'   RSS

2020-02-10
 
CVE-2014-5085

CWE-74
 

 
A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 pertains to instances of fwrite in Sphider Plus, but do not exist in either Sphider or Sphider Pro.

 
2020-02-07
 
CVE-2014-5087

CWE-20
 

 
A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code.

 
2020-01-10
 
CVE-2014-5081

CWE-287
 

 
sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass

 


Copyright 2024, cxsecurity.com

 

Back to Top