CVE-2014-5082

Sphider < 1.3.6 - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Mike Manzotti · textwebappsphp

https://www.exploit-db.com/exploits/34189

View Code ZIP pw:eip

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/34238

View Code ZIP pw:eip

References (2)

[Exploit] http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/34189

Scores

EPSS 0.0206

EPSS Percentile 84.0%

Details

CWE

CWE-89

Status published

Products (5)

sphider/sphider 1.3.2

sphider/sphider 1.3.3

sphider/sphider 1.3.4 (2 CPE variants)

sphider/sphider 1.3.5

sphider/sphider < 1.3.6

Published Aug 06, 2014

Tracked Since Feb 18, 2026