CyberSec.Space Logo
返回 CVE 浏览器

CVE-2008-4557

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1580%
EPSS Percentile4.00th
Published2008年10月14日
Last Modified2026年4月23日

Vulnerability Description

plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression.

Affected Platforms (CPE)

📦
Cutephp

Cutenews

= 1.1.1

References & Advisories

🔗 http://secunia.com/advisories/28330
🔗 http://securityreason.com/securityalert/4403
🔗 http://www.osvdb.org/40236
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/39450
🔗 https://www.exploit-db.com/exploits/4851
🔗 http://secunia.com/advisories/28330
🔗 http://securityreason.com/securityalert/4403
🔗 http://www.osvdb.org/40236

相关漏洞威胁

CVE-2019-114478.8

An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the ...

CVE-2020-55588.8

CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors.

CVE-2003-12407.5

PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cu...

CVE-2004-16607.5

PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier allows remote attackers to execute arbitrary PHP code via th...