CVE-2009-0673

Name of the Vulnerable Software and Affected Versions RavenNuke version 2.30

Description The issue concerns an eval injection vulnerability in the Custom Fields feature within the Your Account module. This allows remote authenticated administrators to execute arbitrary PHP code. The exploitation occurs via the ID Field Name box in a yaCustomFields action to the "admin.php" endpoint.

Recommendations For RavenNuke version 2.30, consider restricting access to the Custom Fields feature in the Your Account module until a patch is available. As a temporary workaround, avoid using the ID Field Name box in the yaCustomFields action to minimize the risk of exploitation.