Skip to content

CVE-2014-5194

Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter.

View on NVD

Severity

N/A

EPSS

Probability of exploitation (next 30 days): 0.0226 (2.3%)
Percentile: 84.7%
EPSS: 2026-05-06

Affects

sphider:sphider

Technical description

Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter.

Published: 8/7/2014, 11:13:37 AM
Last modified: 5/6/2026, 10:30:45 PM

References

HomeEventsBlogResourcesTeam