CVE-2009-4224
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
07/12/2009
Last modified:
17/08/2017
Description
Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, 0.5.3, and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) _plugin/subscriber/inc/post.php and (2) as/lib/news_modify.php.
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:basic-cms:sweetrice:*:*:*:*:*:*:*:* | 0.5.4 (including) | |
cpe:2.3:a:basic-cms:sweetrice:0.2.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:basic-cms:sweetrice:0.2.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:basic-cms:sweetrice:0.3.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:basic-cms:sweetrice:0.3.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:basic-cms:sweetrice:0.4.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:basic-cms:sweetrice:0.4.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:basic-cms:sweetrice:0.4.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:basic-cms:sweetrice:0.4.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:basic-cms:sweetrice:0.5.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:basic-cms:sweetrice:0.5.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:basic-cms:sweetrice:0.5.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:basic-cms:sweetrice:0.5.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page