mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-19 17:30:12 +00:00
756 B
756 B
CVE-2014-5194
Description
Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter.
POC
Reference
- http://packetstormsecurity.com/files/159715/Sphider-Search-Engine-1.3.6-Remote-Code-Execution.html
- http://www.exploit-db.com/exploits/34189
Github
No PoCs found on GitHub currently.