CVE-2008-4796

The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.
Configurations

Configuration 1 (hide)

cpe:2.3:a:snoopy_project:snoopy:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-10-30 20:56

Updated : 2024-02-28 11:21


NVD link : CVE-2008-4796

Mitre link : CVE-2008-4796

CVE.ORG link : CVE-2008-4796


JSON object : View

Products Affected

wordpress

  • wordpress

snoopy_project

  • snoopy

nagios

  • nagios

debian

  • debian_linux
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')