CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
98.5%
The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.
marc.info/?l=bugtraq&m=113028858316430&w=2
marc.info/?l=bugtraq&m=113062897231412&w=2
secunia.com/advisories/17330
secunia.com/advisories/17455
secunia.com/advisories/17779
secunia.com/advisories/17887
securityreason.com/securityalert/117
securitytracker.com/id?1015104
sourceforge.net/project/shownotes.php?release_id=368750
sourceforge.net/project/shownotes.php?release_id=375385
www.osvdb.org/20316
www.securityfocus.com/bid/15213
www.vupen.com/english/advisories/2005/2202
www.vupen.com/english/advisories/2005/2335
www.vupen.com/english/advisories/2005/2727
exchange.xforce.ibmcloud.com/vulnerabilities/22874
svn.ampache.org/branches/3.3.1/docs/CHANGELOG