Unrated severityNVD Advisory· Published Aug 6, 2014· Updated May 6, 2026

CVE-2014-5082

Description

Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter.

Affected products

Sphider/Sphider6 versions
cpe:2.3:a:sphider:sphider:1.3.5:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:sphider:sphider:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:sphider:sphider:*:*:*:*:*:*:*:*range: <=1.3.6
- cpe:2.3:a:sphider:sphider:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:sphider:sphider:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:sphider:sphider:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:sphider:sphider:1.3.4:b:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.htmlnvdExploit
www.exploit-db.com/exploits/34189nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000