plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression.
https://www.exploit-db.com/exploits/4851
https://exchange.xforce.ibmcloud.com/vulnerabilities/39450