Sphider-Plus: >> Sphider-Plus >> 3.2 Security Vulnerabilities
A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 pertains to instances of fwrite in Sphider Plus, but do not exist in either Sphider or Sphider Pro.
CVSS Score
8.8
EPSS Score
0.067
Published
2020-02-10