Aggregates CVE and security vulnerability intelligence across all sphider-plus-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk input validation, with potential vendor impact unexpected behavior across vendor surface production workloads and vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2014-5086 | A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5086 pertains to instances of fwrite in Sphider Pro and Sphider Plus only, but don’t exist in Sphider. | [email protected] | 8.8 | 6.38% | 2020-02-10 | 2024-11-21 |
| CVE-2014-5085 | A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 pertains to instances of fwrite in Sphider Plus, but do not exist in either Sphider or Sphider Pro. | [email protected] | 8.8 | 6.37% | 2020-02-10 | 2024-11-21 |
| CVE-2014-5087 | A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code. | [email protected] | 9.8 | 15.83% | 2020-02-07 | 2024-11-21 |
| CVE-2014-5081 | sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass | [email protected] | 9.8 | 6.84% | 2020-01-10 | 2024-11-21 |