CVE-2014-5084 — HIGH (8.8) — White Hats Nepal

Vulnerability Description

A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of fwrite, which could let a remote malicious user execute arbitrary code. CVE-2014-5084 pertains to instances of fwrite in Sphider Pro only, but do not exist in either Sphider or Sphider Plus.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sphiderpro	Sphider Pro	3.2

Related Weaknesses (CWE)

CWE-74

References

http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-ExecutExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-ExecutExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2014-5084?

CVE-2014-5084 is a vulnerability with a CVSS score of 8.8 (HIGH). A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of fwrite, which could let a remote malicious user execute arbitrary code. CVE-2014-5084 pertains to instan...

How severe is CVE-2014-5084?

CVE-2014-5084 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-5084?

Check the references section above for vendor advisories and patch information. Affected products include: Sphiderpro Sphider Pro.