85 | CVE-2014-5194 | 94 | 1 | 2014-08-07 | 2014-08-07 | 6.5 |
Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter.
86 | CVE-2014-5193 | 79 | 1 | XSS | 2014-08-07 | 2014-08-22 | 4.3 |
Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082.
91 | CVE-2014-5082 | 89 | 1 | Exec Code Sql | 2014-08-06 | 2015-11-04 | 7.5 |
Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter.
And it all started because the deprecated code was making Sphider useless. The deeper we dug…
Ain’t that the way life works? You start out fixing one problem and find two more to take its place.
Have we fixed ALL the problems? Probably not, but it is a darn good start!