CyberSec.Space Logo
返回 CVE 浏览器

CVE-2005-3330

HIGH
7.5
CVSS Severity Score
EPSS Score0.1370%
EPSS Percentile37.37th
Published2005年10月27日
Last Modified2026年4月16日

Vulnerability Description

The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.

Affected Platforms (CPE)

📦
Snoopy

Snoopy

= 1.2

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=113028858316430&w=2
🔗 http://marc.info/?l=bugtraq&m=113062897231412&w=2
🔗 http://secunia.com/advisories/17330
🔗 http://secunia.com/advisories/17455
🔗 http://secunia.com/advisories/17779
🔗 http://secunia.com/advisories/17887
🔗 http://securityreason.com/securityalert/117
🔗 http://securitytracker.com/id?1015104

相关漏洞威胁

CVE-2008-479610.0

The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) m...

CVE-2002-24449.8

Snoopy before 2.0.0 has a security hole in exec cURL

CVE-2018-157089.8

Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.

CVE-2008-73139.8

The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an in...