CVE-2009-4224
published 2009-12-07CVE-2009-4224: Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, 0.5.3, and earlier allow remote attackers to execute arbitrary PHP code via a URL in the…
PriorityP342medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
2.63%
83.6th percentile
Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, 0.5.3, and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) _plugin/subscriber/inc/post.php and (2) as/lib/news_modify.php.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| basic-cms | sweetrice | <= 0.5.4 | — |
| basic-cms | sweetrice | — | — |
| basic-cms | sweetrice | — | — |
| basic-cms | sweetrice | — | — |
| basic-cms | sweetrice | — | — |
| basic-cms | sweetrice | — | — |
| basic-cms | sweetrice | — | — |
| basic-cms | sweetrice | — | — |
| basic-cms | sweetrice | — | — |
| basic-cms | sweetrice | — | — |
| basic-cms | sweetrice | — | — |
| basic-cms | sweetrice | — | — |
| basic-cms | sweetrice | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.org/0911-exploits/sweetrice-rfilfi.txthttp://secunia.com/advisories/37522http://www.exploit-db.com/exploits/10246http://www.osvdb.org/60581http://www.osvdb.org/60582https://exchange.xforce.ibmcloud.com/vulnerabilities/54446http://packetstormsecurity.org/0911-exploits/sweetrice-rfilfi.txthttp://secunia.com/advisories/37522http://www.exploit-db.com/exploits/10246http://www.osvdb.org/60581http://www.osvdb.org/60582https://exchange.xforce.ibmcloud.com/vulnerabilities/54446
2009-12-07
Published