← back
CVE-2014-5084

CVE-2014-5084

EPSS 7.7%
A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of fwrite, which could let a remote malicious user execute arbitrary code. CVE-2014-5084 pertains to instances of fwrite in Sphider Pro only, but do not exist in either Sphider or Sphider Plus.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/34238unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html