CVE-2008-4557

Name of the Vulnerable Software and Affected Versions CuteNews.ru version 1.1.1

Description The issue allows remote attackers to execute arbitrary PHP code via the text parameter in the plugins/wacko/highlight/html.php file. This parameter is inserted into an executable regular expression, enabling the execution of malicious code.

Recommendations For CuteNews.ru version 1.1.1, consider restricting access to the plugins/wacko/highlight/html.php file to minimize the risk of exploitation. Avoid using the text parameter in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.