EIP-2026-112381

PRE-CVE

Sphider Search Engine 1.3.6 - 'word_upper_bound' RCE (Authenticated)

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112381. PoCs published by Gurkirat Singh.

AI-analyzed exploit summary This exploit targets CVE-2014-5194 in Sphider Search Engine 1.3.6, leveraging an authenticated command injection vulnerability in the 'word_upper_bound' parameter. It authenticates, injects a malicious payload, and spawns an interactive shell.

Description

Sphider Search Engine 1.3.6 - 'word_upper_bound' RCE (Authenticated)

Exploits (1)

exploitdb WORKING POC
by Gurkirat Singh · pythonwebappsphp
https://www.exploit-db.com/exploits/48957

This exploit targets CVE-2014-5194 in Sphider Search Engine 1.3.6, leveraging an authenticated command injection vulnerability in the 'word_upper_bound' parameter. It authenticates, injects a malicious payload, and spawns an interactive shell.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Sphider Search Engine v1.3.6
Auth required
Prerequisites: Valid credentials for Sphider admin panel · Network access to the target
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026