cbcvebase.
CVE-2009-4224
published 2009-12-07

CVE-2009-4224: Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, 0.5.3, and earlier allow remote attackers to execute arbitrary PHP code via a URL in the…

PriorityP342medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
2.63%
83.6th percentile
Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, 0.5.3, and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) _plugin/subscriber/inc/post.php and (2) as/lib/news_modify.php.

Affected

13 ranges
VendorProductVersion rangeFixed in
basic-cmssweetrice<= 0.5.4
basic-cmssweetrice
basic-cmssweetrice
basic-cmssweetrice
basic-cmssweetrice
basic-cmssweetrice
basic-cmssweetrice
basic-cmssweetrice
basic-cmssweetrice
basic-cmssweetrice
basic-cmssweetrice
basic-cmssweetrice
basic-cmssweetrice
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.