- Description
- The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.
- Source
- cve@mitre.org
- NVD status
- Modified
- Products
- snoopy, debian_linux, nagios, wordpress
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-78
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:snoopy_project:snoopy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41656D34-7042-48B9-9ADF-D58CA525087A",
"versionEndIncluding": "1.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B23B79AF-8C39-4188-B404-40AE46D4617B",
"versionEndExcluding": "4.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A88DFCEE-A687-4A3E-9912-76E45C8B3B7E",
"versionEndExcluding": "2.6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]