Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P
Vendors Products
Sphider
  • Sphider

Configuration 1 [-]

cpe:2.3:a:sphider:sphider:1.3.6:*:*:*:*:*:*:*
References
Link Resource
http://packetstormsecurity.com/files/159715/Sphider-Search-Engine-1.3.6-Remote-Code-Execution.html
http://www.exploit-db.com/exploits/34189 Exploit
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2014-08-07T10:00:00

Updated: 2020-10-27T15:06:33

Reserved: 2014-08-07T00:00:00

Link: CVE-2014-5194

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2014-08-07T11:13:37.203

Modified: 2020-10-27T16:15:12.330

Link: CVE-2014-5194

JSON object: View

cve-icon Redhat Information

No data.

CWE