cvebase

Basic-Cms Sweetrice vulnerabilities

6 known vulnerabilities affecting basic-cms/sweetrice.

Total CVEs: 6
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 4

Vulnerabilities

CVE-2010-5317 | P3 | HIGH | CVSS 7.5 | PoC | v0.6.7.1 | 2015-01-03
CVE-2010-5317 [HIGH] CWE-89: Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via (1) the file_name parameter in an attachment action, (2) the post parameter in a show_comment action, (3) the sys-name parameter in an rssfeed action, or (4) the sys-name parameter in a view action.
nvd
CVE-2009-4231 | P3 | HIGH | CVSS 7.5 | PoC | ≤ 0.5.3 | v0.2.0 +7 more | 2009-12-08
CVE-2009-4231 [HIGH] CWE-22: Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via .. (dot dot) in the plugin parameter.
nvd
CVE-2009-4224 | P3 | MEDIUM | CVSS 6.8 | PoC | ≤ 0.5.4 | v0.2.0 +11 more | 2009-12-07
CVE-2009-4224 [MEDIUM] CWE-20: Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, 0.5.3, and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) _plugin/subscriber/inc/post.php and (2) as/lib/news_modify.php.
nvd
CVE-2010-5318 | P3 | MEDIUM | CVSS 4.3 | PoC | v0.6.7.1 | 2015-01-03
CVE-2010-5318 [MEDIUM] CWE-255: The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator's password by specifying the administrator's e-mail address in the email parameter.
nvd
CVE-2010-5316 | P4 | MEDIUM | CVSS 4.3 | v0.6.7.1 | 2015-01-03
CVE-2010-5316 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to inject arbitrary web script or HTML via a top_height cookie.
nvd
CVE-2011-3804 | P4 | MEDIUM | CVSS 5.0 | v0.7.1 | 2011-09-24
CVE-2011-3804 [MEDIUM] CWE-200: SweetRice 0.7.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by _plugin/tiny_mce/plugins/advimage/images.php.
nvd