CVE-2009-4231
Severity:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
08/12/2009
Last modified:
09/12/2009
Description
Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via .. (dot dot) in the plugin parameter.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:basic-cms:sweetrice:*:*:*:*:*:*:*:* | 0.5.3 (including) | |
cpe:2.3:a:basic-cms:sweetrice:0.2.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:basic-cms:sweetrice:0.2.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:basic-cms:sweetrice:0.3.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:basic-cms:sweetrice:0.4.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:basic-cms:sweetrice:0.4.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:basic-cms:sweetrice:0.4.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:basic-cms:sweetrice:0.4.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:basic-cms:sweetrice:0.5.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page