CVE Daily

CVE-2009-4224

Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, 0.5.3, an...

Medium CVSS 6.8

Overview

Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, 0.5.3, and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) _plugin/subscriber/inc/post.php and (2) as/lib/news_modify.php.

CWE: CWE-20 Published: 2009-12-07T17:30:00.530
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 6.8 (MEDIUM)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags