RSS   Podatności dla 'Sphinx'   RSS

2022-01-10
 
CVE-2020-29050

CWE-22
 

 
SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx.

 
2019-08-22
 
CVE-2019-14511

CWE-306
 

 
Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet (unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only).

 


Copyright 2024, cxsecurity.com

 

Back to Top