Vulnerability Description
A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5086 pertains to instances of fwrite in Sphider Pro and Sphider Plus only, but don’t exist in Sphider.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sphider | Sphider | < 1.3.6 |
| Sphider-Plus | Sphider-Plus | < 3.2 |
| Sphiderpro | Sphider Pro | < 3.2 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-ExecutExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-ExecutExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2014-5086?
CVE-2014-5086 is a vulnerability with a CVSS score of 8.8 (HIGH). A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CV...
How severe is CVE-2014-5086?
CVE-2014-5086 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-5086?
Check the references section above for vendor advisories and patch information. Affected products include: Sphider Sphider, Sphider-Plus Sphider-Plus, Sphiderpro Sphider Pro.