Description

The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.

Remediation

References

CVE-2008-4796

Related Vulnerabilities

MySQL CVE-2015-4870 Vulnerability (CVE-2015-4870)

Squid Missing Release of Resource after Effective Lifetime Vulnerability (CVE-2018-19132)

WordPress Plugin File Manager Pro Arbitrary File Upload (8.3.4)

WordPress 5.3.x Directory Traversal (5.3 - 5.3.17)

WordPress Plugin ManageWP Worker Unspecified Vulnerability (4.1.7)

Severity

Critical

Classification

CVE-2008-4796 CWE-138

Tags

Missing Update Known Vulnerabilities