CVE-2009-4779

Name of the Vulnerable Software and Affected Versions NukeHall versions 0.3 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the spaw root parameter to specific API endpoints: "blocks.php", "messages.php", and "stories.php" in "admin/modules/".

Recommendations For NukeHall versions 0.3 and earlier, as a temporary workaround, consider restricting access to the blocks.php, messages.php, and stories.php files in the "admin/modules/" directory until a patch is available. Avoid using the spaw root parameter in these API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.