Published: 27/10/2005 Updated: 11/07/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote malicious users to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

snoopy snoopy 1.2

Vendor Advisories

Debian Bug report logs - #778634 libphp-snoopy: CVE-2008-7313 / CVE-2014-5008 Package: libphp-snoopy; Maintainer for libphp-snoopy is Debian PHP PEAR Maintainers <pkg-php-pear@listsaliothdebianorg>; Source for libphp-snoopy is src:libphp-snoopy (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> ...


source: wwwsecurityfocuscom/bid/15213/info Snoopy is prone to a vulnerability that lets attackers execute arbitrary commands because the application fails to properly sanitize user-supplied input This issue may facilitate unauthorized remote access to the application in the context of the webserver www%22;+echo+'hello'+%3E+ ...

Mailing Lists

Feed2JS uses MagpieRSS for parsing the feeds, and MagpieRSS uses Snoopy library for fetching the documents The version of Snoopy in use suffers from a local file disclosure vulnerability ...