This is why we decided to update Sphider!

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Description |
|---|--------|--------|---------------|-----------------------|--------------|-------------|-------|-------------|
| 85 | CVE-2014-5194 | 94 | 1 | | 2014-08-07 | 2014-08-07 | 6.5 | Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter. |
| 86 | CVE-2014-5193 | 79 | 1 | XSS | 2014-08-07 | 2014-08-22 | 4.3 | Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082. |
| 91 | CVE-2014-5082 | 89 | 1 | Exec Code Sql | 2014-08-06 | 2015-11-04 | 7.5 | Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter. |

And it all started because the deprecated code was making Sphider useless. The deeper we dug…

Ain’t that the way life works? You start out fixing one problem and find two more to take its place.

Have we fixed ALL the problems? Probably not, but it is a darn good start!