Description
Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via .. (dot dot) in the plugin parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by cr4wl3r · text · webapps · php
https://www.exploit-db.com/exploits/10246
References (1)
Core References
Exploit x_refsource_misc
http://packetstormsecurity.org/0911-exploits/sweetrice-rfilfi.txt
Scores
EPSS
0.0091
EPSS Percentile
75.9%
Details
CWE
CWE-22
Status
published
Products (9)
basic-cms/sweetrice
0.2.0
basic-cms/sweetrice
0.2.1
basic-cms/sweetrice
0.3.0
basic-cms/sweetrice
0.4.0
basic-cms/sweetrice
0.4.1
basic-cms/sweetrice
0.4.2
basic-cms/sweetrice
0.4.4
basic-cms/sweetrice
0.5.2
basic-cms/sweetrice
< 0.5.3
Published
Dec 08, 2009
Tracked Since
Feb 18, 2026