CVE-2009-0677

Name of the Vulnerable Software and Affected Versions RavenNuke version 2.30

Description The issue allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the preg replace function with the eval switch, as specified in an element of the patterns array. This is accessible through modules.php in the Your Account module, specifically in avatarlist.php.

Recommendations For RavenNuke version 2.30, consider disabling the eval switch in the preg replace function or restricting access to avatarlist.php to minimize the risk of exploitation. Additionally, avoid using the replacements array and patterns array with untrusted input until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.