CyberSec.Space Logo
Back to CVE Browser

CVE-2005-3330

HIGH
7.5
CVSS Severity Score
EPSS Score0.1370%
EPSS Percentile37.37th
PublishedOct 27, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.

Affected Platforms (CPE)

πŸ“¦
Snoopy

Snoopy

= 1.2

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=113028858316430&w=2
πŸ”— http://marc.info/?l=bugtraq&m=113062897231412&w=2
πŸ”— http://secunia.com/advisories/17330
πŸ”— http://secunia.com/advisories/17455
πŸ”— http://secunia.com/advisories/17779
πŸ”— http://secunia.com/advisories/17887
πŸ”— http://securityreason.com/securityalert/117
πŸ”— http://securitytracker.com/id?1015104

Related Vulnerabilities

CVE-2008-479610.0

The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) m...

CVE-2002-24449.8

Snoopy before 2.0.0 has a security hole in exec cURL

CVE-2018-157089.8

Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.

CVE-2008-73139.8

The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an in...