PT-2020-7703 · Unknown · Sphider Pro+1

Published: 2020-02-10 · Updated: 2021-09-09 · CVE-2014-5086

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Sphider Pro version 3.2; Sphider Plus version 3.2

Description: A command execution issue exists due to insufficient sanitization of data written with fwrite to conf.php, which could let a remote malicious user execute arbitrary code.

Recommendations: For Sphider Pro version 3.2, consider disabling the fwrite function to conf.php until a patch is available. For Sphider Plus version 3.2, restrict access to the conf.php file to minimize the risk of exploitation.

Exploit

Fix

RCE

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2014-5086

Affected Products

Sphider Plus
Sphider Pro