返回 CVE 浏览器

CVE-2008-4796

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1560%

EPSS Percentile15.66th

Published2008年10月30日

Last Modified2026年4月23日

Vulnerability Description

The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.

Affected Platforms (CPE)

📦

Snoopy Project

Snoopy

<= 1.2.3

💻

Debian

Debian Linux

= 4.0

💻

Debian

Debian Linux

= 5.0

📦

Nagios

Nagios

< 4.2.2

📦

Wordpress

Wordpress

< 2.6.3

References & Advisories

🔗 http://jvn.jp/en/jp/JVN20502807/index.html

🔗 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.html

🔗 http://secunia.com/advisories/32361

🔗 http://sourceforge.net/forum/forum.php?forum_id=879959

🔗 http://www.debian.org/security/2008/dsa-1691

🔗 http://www.debian.org/security/2009/dsa-1871

🔗 http://www.openwall.com/lists/oss-security/2008/11/01/1

🔗 http://www.securityfocus.com/archive/1/496068/100/0/threaded

相关漏洞威胁

CVE-2018-157089.8

Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.

CVE-2008-73139.8

The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an in...

CVE-2002-24449.8

Snoopy before 2.0.0 has a security hole in exec cURL

CVE-2014-50089.8

Snoopy allows remote attackers to execute arbitrary commands.