A vulnerability has been discovered in the chuggnutt.com "HTML to Plain Text Conversion" PHP class, which can be exploited by malicious people to compromise a vulnerable system.

A vulnerability has been discovered in the chuggnutt.com "HTML to Plain Text Conversion" PHP class, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to the class using insecure regular expressions to filter HTML input. This can be exploited to inject and execute arbitrary PHP code by e.g. passing specially crafted data to an application using this class.

The vulnerability is confirmed in version 1.0. Other versions may also be affected.

Edit the source code to ensure that secure regular expressions are used.