Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sphider
(Sphider)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2007-05-01 | CVE-2007-2411 | PHP remote file inclusion vulnerability in index.php in Sphider 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. NOTE: a third party disputes this vulnerability, stating that "the application is not vulnerable to this issue. | Sphider | N/A | ||
| 2020-02-10 | CVE-2014-5086 | A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5086 pertains to instances of fwrite in Sphider Pro and Sphider Plus only, but don’t exist in Sphider. | Sphider, Sphider\-Plus, Sphider_pro | 8.8 | ||
| 2020-02-07 | CVE-2014-5087 | A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code. | Sphider, Sphider\-Plus, Sphider_pro | 9.8 | ||
| 2020-01-10 | CVE-2014-5081 | sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass | Sphider, Sphider\-Plus, Sphider_pro | 9.8 |