Lucene search

[email protected]CVE-2008-4557

HistoryOct 14, 2008 - 10:36 p.m.

CVE-2008-4557

2008-10-1422:36:58

CWE-94

[email protected]

web.nvd.nist.gov

cutenews

strawberry

remote code execution

php

cve-2008-4557

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.045 Low

EPSS

Percentile

92.5%

JSON

plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression.

Affected configurations

NVD

Node

cutephpcutenewsMatch1.1.1

CPENameOperatorVersion
cutephp:cutenewscutephp cutenewseq1.1.1

CPE	Name	Operator	Version
cutephp:cutenews	cutephp cutenews	eq	1.1.1

References

secunia.com/advisories/28330

securityreason.com/securityalert/4403

www.osvdb.org/40236

exchange.xforce.ibmcloud.com/vulnerabilities/39450

www.exploit-db.com/exploits/4851

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.045 Low

EPSS

Percentile

92.5%

JSON

Related for CVE-2008-4557

nvd1 prion1 canvas1 cvelist1