CyberSec.Space Logo
Back to CVE Browser

CVE-2008-4796

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1560%
EPSS Percentile15.66th
PublishedOct 30, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.

Affected Platforms (CPE)

πŸ“¦
Snoopy Project

Snoopy

<= 1.2.3
πŸ’»
Debian

Debian Linux

= 4.0
πŸ’»
Debian

Debian Linux

= 5.0
πŸ“¦
Nagios

Nagios

< 4.2.2
πŸ“¦
Wordpress

Wordpress

< 2.6.3

References & Advisories

πŸ”— http://jvn.jp/en/jp/JVN20502807/index.html
πŸ”— http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.html
πŸ”— http://secunia.com/advisories/32361
πŸ”— http://sourceforge.net/forum/forum.php?forum_id=879959
πŸ”— http://www.debian.org/security/2008/dsa-1691
πŸ”— http://www.debian.org/security/2009/dsa-1871
πŸ”— http://www.openwall.com/lists/oss-security/2008/11/01/1
πŸ”— http://www.securityfocus.com/archive/1/496068/100/0/threaded

Related Vulnerabilities

CVE-2018-157089.8

Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.

CVE-2008-73139.8

The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an in...

CVE-2002-24449.8

Snoopy before 2.0.0 has a security hole in exec cURL

CVE-2014-50089.8

Snoopy allows remote attackers to execute arbitrary commands.