CVE-2010-5318
- EPSS 3.43%
- Veröffentlicht 03.01.2015 11:59:04
- Zuletzt bearbeitet 12.04.2025 10:46:40
The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator's password by specifying the administrator's e-mail address in the email parameter.
CVE-2010-5317
- EPSS 0.25%
- Veröffentlicht 03.01.2015 11:59:03
- Zuletzt bearbeitet 12.04.2025 10:46:40
Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via (1) the file_name parameter in an attachment action, (2) the post parameter in a show_comment action, (3)...
CVE-2010-5316
- EPSS 0.23%
- Veröffentlicht 03.01.2015 11:59:02
- Zuletzt bearbeitet 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to inject arbitrary web script or HTML via a top_height cookie.
- EPSS 0.28%
- Veröffentlicht 24.09.2011 00:55:03
- Zuletzt bearbeitet 11.04.2025 00:51:21
SweetRice 0.7.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by _plugin/tiny_mce/plugins/advimage/images.php.
CVE-2009-4231
- EPSS 0.91%
- Veröffentlicht 08.12.2009 19:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via .. (dot dot) in the plugin parameter.
CVE-2009-4224
- EPSS 5.47%
- Veröffentlicht 07.12.2009 17:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, 0.5.3, and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) _plugin/subscriber/inc/post.php and (2) as/lib/news_modify.php.