cuteNewsExec.txt

`There is a vulnerability in the latest (and to the best of my  
knowledge, all prior versions of) CuteNews from CutePHP.com.  
  
CuteNews does not properly sanitize user input when an administrative  
account edits the template files. CuteNews takes HTML code from a web  
form and outputs it to a template file called <templatename>.tpl,  
which contains PHP code similar to the following:  
  
--snip--  
<?PHP  
$template_active = <<<HTML  
[HTML template code]  
HTML;  
$template_full = <<<HTML  
[HTML template code]  
HTML;  
?>  
--snap--  
  
By entering:  
  
--snip--  
HTML;  
[PHP code]  
$fake_template = <<<HTML  
--snap--  
  
as input to the template script, an administrative account can execute  
PHP code, opening up possibilities such as executing shell commands on  
the local system.  
  
Admittedly, this is mitigated somewhat by the fact that administrative  
access is required, but if an attacker has compromised an  
administrative account, they can use this to escalate their  
privileges.  
  
John  
`