Description
Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, 0.5.3, and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) _plugin/subscriber/inc/post.php and (2) as/lib/news_modify.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by cr4wl3r · textwebappsphp
https://www.exploit-db.com/exploits/10246
References (6)
Core 6
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37522
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54446
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/60581
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/60582
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/10246
Exploit x_refsource_misc
http://packetstormsecurity.org/0911-exploits/sweetrice-rfilfi.txt
Scores
EPSS
0.0546
EPSS Percentile
90.2%
Details
CWE
CWE-20
Status
published
Products (13)
basic-cms/sweetrice
0.2.0
basic-cms/sweetrice
0.2.1
basic-cms/sweetrice
0.3.0
basic-cms/sweetrice
0.3.1
basic-cms/sweetrice
0.4.0
basic-cms/sweetrice
0.4.1
basic-cms/sweetrice
0.4.2
basic-cms/sweetrice
0.4.4
basic-cms/sweetrice
0.5.0
basic-cms/sweetrice
0.5.1
... and 3 more
Published
Dec 07, 2009
Tracked Since
Feb 18, 2026