CVE-2014-5087
CRITICALSphider < 1.3.6 - Remote Code Execution via admin/spiderfuncs.php
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2014-5087. PoCs published by Shayan S.
AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in Sphider Search Engine, including authentication bypass, SQL injection, and remote code execution via unsanitized input in configuration files. It provides proof-of-concept commands for each vulnerability.
Description
A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code.
Exploits (1)
The exploit demonstrates multiple vulnerabilities in Sphider Search Engine, including authentication bypass, SQL injection, and remote code execution via unsanitized input in configuration files. It provides proof-of-concept commands for each vulnerability.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H