CVE-2014-5193
Sphider 1.3.6 - Cross-Site Scripting via Category Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-5193. PoCs published by Mike Manzotti.
AI-analyzed exploit summary
The exploit demonstrates SQL injection, PHP code injection (RCE), and XSS vulnerabilities in Sphider 1.3.6. It includes proof-of-concept payloads for each vulnerability type, with clear examples of malicious input and expected responses.
Description
Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082.