PT-2014-6270 · Sphider · Sphider+2
Publicado
2014-08-06
·
Atualizado
2015-11-04
·
CVE-2014-5082
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Sphider versions 1.3.6 and earlier
Sphider Pro (affected versions not specified)
Sphider-plus (affected versions not specified)
Description
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the
site id or url parameter in the "admin/admin.php" file.Recommendations
For Sphider versions 1.3.6 and earlier: Update to a version later than 1.3.6.
For Sphider Pro: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Sphider-plus: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Sphider
Sphider Pro
Sphider Plus