CVE-2008-4557

Sažetak

plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression.

Reference

http://secunia.com/advisories/28330
http://securityreason.com/securityalert/4403
http://www.osvdb.org/40236
https://exchange.xforce.ibmcloud.com/vulnerabilities/39450
https://www.exploit-db.com/exploits/4851

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-09-2017 - 01:32

Objavljeno

14-10-2008 - 22:36