Description
Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via .. (dot dot) in the plugin parameter.
Affected products
- basic-cms / sweetrice0.5.3
- basic-cms / sweetrice0.2.0 – 0.2.0
- basic-cms / sweetrice0.2.1 – 0.2.1
- basic-cms / sweetrice0.3.0 – 0.3.0
- basic-cms / sweetrice0.4.0 – 0.4.0
- basic-cms / sweetrice0.4.1 – 0.4.1
- basic-cms / sweetrice0.4.2 – 0.4.2
- basic-cms / sweetrice0.4.4 – 0.4.4
- basic-cms / sweetrice0.5.2 – 0.5.2