Описание
A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5086 pertains to instances of fwrite in Sphider Pro and Sphider Plus only, but don’t exist in Sphider.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 1.3.6 (исключая)Версия до 3.2 (исключая)Версия до 3.2 (исключая)
Одно из
cpe:2.3:a:sphider:sphider:*:*:*:*:*:*:*:*
cpe:2.3:a:sphider-plus:sphider-plus:*:*:*:*:*:*:*:*
cpe:2.3:a:sphiderpro:sphider_pro:*:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.06697
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-74
Связанные уязвимости
github
больше 3 лет назад
A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5086 pertains to instances of fwrite in Sphider Pro and Sphider Plus only, but don’t exist in Sphider.
EPSS
Процентиль: 91%
0.06697
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-74