Vulnerabilities > Sphider

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-10	CVE-2014-5086	Injection vulnerability in multiple products A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. network low complexity sphider sphider-plus sphiderpro CWE-74	6.5
2020-02-10	CVE-2014-5083	Injection vulnerability in Sphider A Command Execution vulnerability exists in Sphider before 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. network low complexity sphider CWE-74	6.5
2020-02-07	CVE-2014-5087	Improper Input Validation vulnerability in multiple products A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code. network low complexity sphider sphider-plus sphiderpro CWE-20	7.5
2020-01-10	CVE-2014-5081	Improper Authentication vulnerability in multiple products sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass network low complexity sphider sphiderpro sphider-plus CWE-287	7.5
2014-08-07	CVE-2014-5194	Code Injection vulnerability in Sphider 1.3.6 Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter. network low complexity sphider CWE-94	6.5
2014-08-07	CVE-2014-5193	Cross-Site Scripting vulnerability in Sphider 1.3.6 Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. network sphider CWE-79	4.3
2014-08-07	CVE-2014-5192	SQL Injection vulnerability in Sphider 1.3.6 SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter. network low complexity sphider CWE-89	7.5
2014-08-06	CVE-2014-5082	SQL Injection vulnerability in Sphider Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter. network low complexity sphider CWE-89	7.5
2008-11-24	CVE-2008-5211	Cross-Site Scripting vulnerability in Sphider 1.3.4 Cross-site scripting (XSS) vulnerability in search.php in Sphider 1.3.4, when the search suggestion feature is enabled, allows remote attackers to inject arbitrary web script or HTML via the query parameter, a different vector than CVE-2006-2506. network high complexity sphider CWE-79	2.6
2007-02-24	CVE-2006-7058	Cross-Site Scripting vulnerability in Sphider Multiple cross-site scripting (XSS) vulnerabilities in Sphider before 1.3.1c allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) templates/standard/search_form.html and (2) templates/dark/search_form.html. network sphider	4.3

Vulnerabilities > Sphider {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Sphider"}]}

Vulnerabilities > Sphider