Vulnerabilities > Sphider Plus

DATE CVE VULNERABILITY TITLE RISK
2020-02-10 CVE-2014-5086 Injection vulnerability in multiple products
A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code.
network
low complexity
sphider sphider-plus sphiderpro CWE-74
8.8
2020-02-10 CVE-2014-5085 Injection vulnerability in Sphider-Plus 3.2
A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code.
network
low complexity
sphider-plus CWE-74
8.8
2020-02-07 CVE-2014-5087 Improper Input Validation vulnerability in multiple products
A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code.
network
low complexity
sphider sphider-plus sphiderpro CWE-20
critical
9.8
2020-01-10 CVE-2014-5081 Improper Authentication vulnerability in multiple products
sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass
network
low complexity
sphider sphiderpro sphider-plus CWE-287
critical
9.8