[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-4224

Date: (C)2009-12-07   (M)2017-08-18 


Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, 0.5.3, and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) _plugin/subscriber/inc/post.php and (2) as/lib/news_modify.php.

CVSS Score: 6.8Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
EXPLOIT-DB-10246
SECUNIA-37522
OSVDB-60581
OSVDB-60582
http://packetstormsecurity.org/0911-exploits/sweetrice-rfilfi.txt
sweetrice-post-file-include(54446)

CWE    1
CWE-20

© 2013 SecPod Technologies