Prodder prior to 0.5, and perlpodder prior to 0.5, allows remote malicious users to execute arbitrary code via shell metacharacters in the URL of a podcast (url attribute of an enclosure tag, or $enc_url variable), which is executed when running wget.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
perlpodder perlpodder 0.3 |
||
prodder prodder 0.3 |
||
perlpodder perlpodder 0.2 |
||
prodder prodder |
||
perlpodder perlpodder |