Vulnerabilities > Sphinxsearch

DATE CVE VULNERABILITY TITLE RISK
2022-01-10 CVE-2020-29050 Path Traversal vulnerability in multiple products
SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory).
network
low complexity
sphinxsearch debian CWE-22
5.0
2019-08-22 CVE-2019-14511 Missing Authentication for Critical Function vulnerability in Sphinxsearch Sphinx 3.1.1
Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet (unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only).
network
low complexity
sphinxsearch CWE-306
7.5