The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
No history.
Information
Published : 2008-10-30 20:56
Updated : 2024-02-28 11:21
NVD link : CVE-2008-4796
Mitre link : CVE-2008-4796
CVE.ORG link : CVE-2008-4796
JSON object : View
Products Affected
wordpress
- wordpress
snoopy_project
- snoopy
nagios
- nagios
debian
- debian_linux
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')