EIP-2026-112511

This is a technical writeup describing an unauthenticated file upload vulnerability in SweetRice CMS versions prior to 0.6.4. The vulnerability exists due to misconfigured file extension restrictions in the FCKeditor plugin, allowing remote attackers to upload files with predefined extensions without authentication.