Basic-Cms: >> Sweetrice >> 0.4.0 Security Vulnerabilities
Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via .. (dot dot) in the plugin parameter.
CVSS Score
7.5
EPSS Score
0.009
Published
2009-12-08
Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, 0.5.3, and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) _plugin/subscriber/inc/post.php and (2) as/lib/news_modify.php.
CVSS Score
6.8
EPSS Score
0.055
Published
2009-12-07