CyberSec.Space Logo
Back to CVE Browser

CVE-2008-4557

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1580%
EPSS Percentile4.00th
PublishedOct 14, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression.

Affected Platforms (CPE)

πŸ“¦
Cutephp

Cutenews

= 1.1.1

References & Advisories

πŸ”— http://secunia.com/advisories/28330
πŸ”— http://securityreason.com/securityalert/4403
πŸ”— http://www.osvdb.org/40236
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/39450
πŸ”— https://www.exploit-db.com/exploits/4851
πŸ”— http://secunia.com/advisories/28330
πŸ”— http://securityreason.com/securityalert/4403
πŸ”— http://www.osvdb.org/40236

Related Vulnerabilities

CVE-2019-114478.8

An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the ...

CVE-2020-55588.8

CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors.

CVE-2003-12407.5

PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cu...

CVE-2004-16607.5

PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier allows remote attackers to execute arbitrary PHP code via th...